CVE-2024-49734
published 2025-01-21CVE-2024-49734: In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
In multiple functions of ConnectivityService.java, there is a possible way for a Wi-Fi AP to determine what site a device has connected to through a VPN due to side channel information disclosure. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | frameworks_libs_net | >= 14:0 < 14:2025-01-01 | 14:2025-01-01 |
| platform | packages_modules_connectivity | >= 14:0 < 14:2025-01-01 | 14:2025-01-01 |
| platform | packages_modules_connectivity | >= 15-next:0 < 15-next:2025-01-01 | 15-next:2025-01-01 |
| platform | packages_modules_connectivity | >= 15:0 < 15:2025-01-01 | 15:2025-01-01 |