CVE-2021-39768

Name of the Vulnerable Software and Affected Versions Android versions prior to the fixed version

Description The issue allows for the addition of an auto-connect WiFi network without user consent due to a missing permission check in Settings. This could lead to local escalation of privilege with no additional execution privileges needed, requiring user interaction for exploitation.

Recommendations For Android versions prior to the fixed version, consider restricting WiFi network settings to prevent unauthorized changes until a patch is available. As a temporary workaround, users should be cautious when interacting with WiFi settings to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.