CVE-2022-20519

Name of the Vulnerable Software and Affected Versions Android versions prior to the fixed version

Description The issue is related to a missing permission check in the onCreate method of AddAppNetworksActivity.java. This could allow a guest user to configure WiFi networks, potentially leading to local escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android versions prior to the fixed version, consider restricting access to the WiFi network configuration feature to prevent unauthorized changes until a patch is available. As a temporary workaround, review and enforce strict permission controls on the AddAppNetworksActivity.java to minimize the risk of exploitation.