PT-2022-20291 · Unknown · Semwifiapclient

Published

2022-07-11

Updated

2023-07-21

CVE-2022-30752

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions SemWifiApClient versions prior to SMR Jul-2022 Release 1

Description The issue is related to an improper access control vulnerability in the sendDHCPACKBroadcast function. This vulnerability allows an attacker to access the WiFi AP client MAC address that is connected by using the WIFI AP STA STATE CHANGED action.

Recommendations For SemWifiApClient versions prior to SMR Jul-2022 Release 1, update to SMR Jul-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the sendDHCPACKBroadcast function until a patch is available. Avoid using the WIFI AP STA STATE CHANGED action in the affected SemWifiApClient until the issue is resolved.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2022-30752

Affected Products

Semwifiapclient

PT-2022-20291 · Unknown · Semwifiapclient

CVE-2022-30752

Weakness Enumeration

Related Identifiers

Affected Products

References · 4