CVE-2022-20503

CVE-2022-20503 targets the WifiDppConfiguratorActivity.java on Android 13. In onCreate, a missing permission check allows a guest user to add a WiFi configuration, enabling local elevation of privilege with no additional execution privileges and without user interaction. The CVSSv3.1 metrics show...