Platform Packages Modules Wifi vulnerabilities

CVE-2025-48524 CVE-2025-48524: In isSystem of WifiPermissionsUtil In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2025-26423 CVE-2025-26423: In validateIpConfiguration of WifiConfigurationUtil In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-43083 CVE-2024-43083: In validate of WifiConfigurationUtil In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2024-40674 CVE-2024-40674: In validateSsid of WifiConfigurationUtil In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21114 CVE-2023-21114: In multiple locations, there is a possible permission bypass due to a confused deputy In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21252 CVE-2023-21252: In validatePassword of WifiConfigurationUtil In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-20965 CVE-2023-20965: In processMessageImpl of ClientModeImpl In processMessageImpl of ClientModeImpl.java, there is a possible credential disclosure in the TOFU flow due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21242 CVE-2023-21242: In isServerCertChainValid of InsecureEapNetworkHandler In isServerCertChainValid of InsecureEapNetworkHandler.java, there is a possible way to trust an imposter server due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21240 CVE-2023-21240: In Policy of Policy In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21243 CVE-2023-21243: In validateForCommonR1andR2 of PasspointConfiguration In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2023-21027 CVE-2023-21027: In multiple functions of PasspointXmlUtils In multiple functions of PasspointXmlUtils.java, there is a possible authentication misconfiguration due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21179 CVE-2023-21179: In parseSecurityParamsFromXml of XmlUtil In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21185 CVE-2023-21185: In multiple functions of WifiNetworkFactory In multiple functions of WifiNetworkFactory.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20463 CVE-2022-20463: In factoryReset of WifiServiceImpl In factoryReset of WifiServiceImpl.java, there is a possible way to preserve WiFi settings due to a logic error in the code. This could lead to local non-security issues across resets with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21033 CVE-2023-21033: In addNetwork of WifiManager In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-21021 CVE-2023-21021: In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20499 CVE-2022-20499: In validateForCommonR1andR2 of PasspointConfiguration In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20481 CVE-2022-20481: In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset In multiple files, there is a possible way to preserve WiFi settings due to residual data after a reset. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

CVE-2022-20240 CVE-2022-20240: In sOpAllowSystemRestrictionBypass of AppOpsManager In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2022-20535 CVE-2022-20535: In registerLocalOnlyHotspotSoftApCallback of WifiManager In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.