CVE-2018-9489

State: PUBLISHED · Published: 2018-11-06 · Updated: 2024-09-16 · Assigner: google_android

Description

When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. This could lead to information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-77286245.

CWE

(none)

Affected

Google Inc. / Android — v=Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 [affected]

CVSS

(none)

References

https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/ x_refsource_MISC
http://www.securitytracker.com/id/1041590 vdb-entry, x_refsource_SECTRACK

Source

cvelistV5-main/cves/2018/9xxx/CVE-2018-9489.json