CVE-2021-0602
📋 TL;DR
This vulnerability allows guest users on Android devices to view and modify Wi-Fi settings for all configured access points due to a permissions bypass in the WifiNetworkDetailsFragment. This could lead to local privilege escalation without requiring additional execution privileges. Affects Android 10 and 11 devices.
💻 Affected Systems
- Android
📦 What is this software?
Android by Google
Android by Google
⚠️ Risk & Real-World Impact
Worst Case
Guest user gains administrative control over Wi-Fi settings, could connect to malicious networks, modify enterprise configurations, or disrupt network connectivity for all users.
Likely Case
Guest user views saved Wi-Fi networks, modifies personal device settings, or connects to unauthorized networks.
If Mitigated
Guest users remain restricted to their intended limited access with no ability to modify system Wi-Fi settings.
🎯 Exploit Status
Exploitation requires guest user access to the device but no special technical skills. User interaction is not needed for exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Android Security Patch Level July 2021 or later
Vendor Advisory: https://source.android.com/security/bulletin/2021-07-01
Restart Required: Yes
Instructions:
1. Check current Android security patch level in Settings > About phone > Android version. 2. Install July 2021 or later security update via Settings > System > System update. 3. Reboot device after update installation.
🔧 Temporary Workarounds
Disable Guest User Mode
androidRemove guest user functionality to prevent exploitation vector
Navigate to Settings > System > Multiple users > Guest > Remove guest
Restrict Wi-Fi Settings Access
androidUse device management policies to restrict guest user permissions
Use Android Enterprise or MDM solutions to enforce restricted profiles
🧯 If You Can't Patch
- Disable guest user accounts entirely on all affected devices
- Implement physical security controls to prevent unauthorized device access
🔍 How to Verify
Check if Vulnerable:
Check Android version and security patch level: Settings > About phone > Android version. If Android 10 or 11 with patch level before July 2021, device is vulnerable.Check Version:
adb shell getprop ro.build.version.security_patchVerify Fix Applied:
Confirm Android security patch level is July 2021 or later in Settings > About phone > Android version.📡 Detection & Monitoring
Log Indicators:
- Guest user accessing Wi-Fi settings menus
- Unauthorized Wi-Fi configuration changes in system logs
Network Indicators:
- Guest user device connecting to unexpected Wi-Fi networks
SIEM Query:
source="android_system" AND (event="wifi_config_change" OR event="settings_access") AND user="guest"