PT-2022-15311 · Tencent · Tencentwifisecurity

Published

2022-01-07

Updated

2022-01-14

CVE-2022-22266

CVSS v3.1

4.0

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions TencentWifiSecurity application versions prior to SMR Jan-2022 Release 1

Description The issue concerns an unprotected WifiEvaluationService in the TencentWifiSecurity application, which allows untrusted applications to obtain WiFi information without proper permission. This affects China models only.

Recommendations For versions prior to SMR Jan-2022 Release 1, update to SMR Jan-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the WifiEvaluationService to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2022-22266

Affected Products

Tencentwifisecurity

PT-2022-15311 · Tencent · Tencentwifisecurity

CVE-2022-22266

Weakness Enumeration

Related Identifiers

Affected Products

References · 3