PT-2020-11480 · Google · Android

Published: 2020-06-10 · Updated: 2020-06-15 · CVE-2020-0119

CVSS v2.0: 5.4 (Medium)

Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Android versions Android-10

Description

The issue is related to a possible man-in-the-middle attack due to improper certificate validation in the addOrUpdateNetworkInternal and related functions of WifiConfigManager.java. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is required for exploitation.

Recommendations

For Android version Android-10, consider disabling the addOrUpdateNetworkInternal function in WifiConfigManager.java as a temporary workaround until a patch is available. Restrict access to Wi-Fi networks to minimize the risk of exploitation. Avoid using untrusted Wi-Fi networks until the issue is resolved.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2020-0119

Affected Products

Android