MidnightBSD

Advisories for mediatek

CVE-2018-12041 MEDIUM

An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
mediatek awus036nh_firmware 5.1.25.0
CVE-2019-15027 HIGH

The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
mediatek mt8163_firmware -
mediatek mt6625_firmware -
mediatek mt6577_firmware -
CVE-2019-18989 MEDIUM

A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-290,

Products Affected

Vendor Product Version
mediatek mt7620n_firmware 1.06
CVE-2021-30636 HIGH

In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
mediatek linkit_software_development_kit *
CVE-2021-31573

In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
mediatek en7580_firmware *
mediatek en7528_firmware *
CVE-2021-31574

In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
mediatek en7580_firmware *
mediatek en7528_firmware *
CVE-2021-31575

In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
mediatek en7580_firmware *
mediatek en7528_firmware *
CVE-2021-31576

In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
mediatek en7580_firmware *
mediatek en7528_firmware *
CVE-2021-31577

In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
mediatek en7580_firmware *
mediatek en7528_firmware *
CVE-2021-31578

In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
mediatek en7580_firmware *
mediatek en7528_firmware *
CVE-2021-32467 MEDIUM

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.4.0.0
mediatek mt7628_firmware 7.4.0.0
mediatek mt7629_firmware 7.4.0.0
mediatek mt7622_firmware 7.4.0.0
mediatek mt7612_firmware 7.4.0.0
mediatek mt7615_firmware 7.4.0.0
mediatek mt7620_firmware 7.4.0.0
mediatek mt7603e_firmware 7.4.0.0
mediatek mt7915_firmware 7.4.0.0
CVE-2021-32468 MEDIUM

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.4.0.0
mediatek mt7628_firmware 7.4.0.0
mediatek mt7629_firmware 7.4.0.0
mediatek mt7622_firmware 7.4.0.0
mediatek mt7612_firmware 7.4.0.0
mediatek mt7615_firmware 7.4.0.0
mediatek mt7620_firmware 7.4.0.0
mediatek mt7610_firmware 7.4.0.0
mediatek mt7603e_firmware 7.4.0.0
mediatek mt7915_firmware 7.4.0.0
CVE-2021-32469 MEDIUM

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 Affected Software Versions 7.4.0.0; Out-of-bounds read).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.4.0.0
mediatek mt7628_firmware 7.4.0.0
mediatek mt7629_firmware 7.4.0.0
mediatek mt7622_firmware 7.4.0.0
mediatek mt7612_firmware 7.4.0.0
mediatek mt7615_firmware 7.4.0.0
mediatek mt7620_firmware 7.4.0.0
mediatek mt7610_firmware 7.4.0.0
mediatek mt7603e_firmware 7.4.0.0
mediatek mt7915_firmware 7.4.0.0
CVE-2021-32484 HIGH

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964917.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek modem lr12a
mediatek modem lr13
CVE-2021-32485 HIGH

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964926.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek modem lr12a
mediatek modem lr13
CVE-2021-32486 HIGH

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964928.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek modem lr12a
mediatek modem lr13
CVE-2021-32487 HIGH

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500736; Issue ID: ALPS04938456.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek modem lr12a
mediatek modem lr13
CVE-2021-35055 HIGH

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.4.0.0
mediatek mt7628_firmware 7.4.0.0
mediatek mt7629_firmware 7.4.0.0
mediatek mt7622_firmware 7.4.0.0
mediatek mt7612_firmware 7.4.0.0
mediatek mt7615_firmware 7.4.0.0
mediatek mt7620_firmware 7.4.0.0
mediatek mt7610_firmware 7.4.0.0
mediatek mt7603e_firmware 7.4.0.0
mediatek mt7915_firmware 7.4.0.0
CVE-2021-37560 HIGH

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.4.0.0
mediatek mt7628_firmware 7.4.0.0
mediatek mt7629_firmware 7.4.0.0
mediatek mt7622_firmware 7.4.0.0
mediatek mt7612_firmware 7.4.0.0
mediatek mt7615_firmware 7.4.0.0
mediatek mt7620_firmware 7.4.0.0
mediatek mt7610_firmware 7.4.0.0
mediatek mt7603e_firmware 7.4.0.0
mediatek mt7915_firmware 7.4.0.0
CVE-2021-37561 HIGH

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.4.0.0
mediatek mt7628_firmware 7.4.0.0
mediatek mt7629_firmware 7.4.0.0
mediatek mt7622_firmware 7.4.0.0
mediatek mt7612_firmware 7.4.0.0
mediatek mt7615_firmware 7.4.0.0
mediatek mt7620_firmware 7.4.0.0
mediatek mt7610_firmware 7.4.0.0
mediatek mt7603e_firmware 7.4.0.0
mediatek mt7915_firmware 7.4.0.0
CVE-2021-37562 MEDIUM

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.4.0.0
mediatek mt7628_firmware 7.4.0.0
mediatek mt7629_firmware 7.4.0.0
mediatek mt7622_firmware 7.4.0.0
mediatek mt7612_firmware 7.4.0.0
mediatek mt7615_firmware 7.4.0.0
mediatek mt7620_firmware 7.4.0.0
mediatek mt7610_firmware 7.4.0.0
mediatek mt7603e_firmware 7.4.0.0
mediatek mt7915_firmware 7.4.0.0
CVE-2021-37563 HIGH

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.4.0.0
mediatek mt7628_firmware 7.4.0.0
mediatek mt7629_firmware 7.4.0.0
mediatek mt7622_firmware 7.4.0.0
mediatek mt7612_firmware 7.4.0.0
mediatek mt7615_firmware 7.4.0.0
mediatek mt7620_firmware 7.4.0.0
mediatek mt7610_firmware 7.4.0.0
mediatek mt7603e_firmware 7.4.0.0
mediatek mt7915_firmware 7.4.0.0
CVE-2021-37564 MEDIUM

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
mediatek mt7615_firmware 2.0.2
mediatek mt7915_firmware 2.0.2
mediatek mt7603e_firmware 2.0.2
mediatek mt7613_firmware 2.0.2
mediatek mt7629_firmware 2.0.2
mediatek mt7622_firmware 2.0.2
mediatek mt7628_firmware 2.0.2
CVE-2021-37565 MEDIUM

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
mediatek mt7615_firmware 2.0.2
mediatek mt7915_firmware 2.0.2
mediatek mt7603e_firmware 2.0.2
mediatek mt7613_firmware 2.0.2
mediatek mt7629_firmware 2.0.2
mediatek mt7622_firmware 2.0.2
mediatek mt7628_firmware 2.0.2
CVE-2021-37566 HIGH

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7610, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek mt7615_firmware 2.0.2
mediatek mt7915_firmware 2.0.2
mediatek mt7603e_firmware 2.0.2
mediatek mt7613_firmware 2.0.2
mediatek mt7629_firmware 2.0.2
mediatek mt7610_firmware 2.0.2
mediatek mt7622_firmware 2.0.2
mediatek mt7628_firmware 2.0.2
mediatek mt7620_firmware 2.0.2
CVE-2021-37567 MEDIUM

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
mediatek mt7615_firmware 2.0.2
mediatek mt7915_firmware 2.0.2
mediatek mt7603e_firmware 2.0.2
mediatek mt7613_firmware 2.0.2
mediatek mt7629_firmware 2.0.2
mediatek mt7622_firmware 2.0.2
mediatek mt7628_firmware 2.0.2
CVE-2021-37568 HIGH

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek mt7615_firmware 2.0.2
mediatek mt7915_firmware 2.0.2
mediatek mt7603e_firmware 2.0.2
mediatek mt7613_firmware 2.0.2
mediatek mt7629_firmware 2.0.2
mediatek mt7622_firmware 2.0.2
mediatek mt7628_firmware 2.0.2
CVE-2021-37569 HIGH

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek mt7615_firmware 2.0.2
mediatek mt7915_firmware 2.0.2
mediatek mt7603e_firmware 2.0.2
mediatek mt7613_firmware 2.0.2
mediatek mt7629_firmware 2.0.2
mediatek mt7622_firmware 2.0.2
mediatek mt7628_firmware 2.0.2
CVE-2021-37570 MEDIUM

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
mediatek mt7615_firmware 2.0.2
mediatek mt7915_firmware 2.0.2
mediatek mt7603e_firmware 2.0.2
mediatek mt7613_firmware 2.0.2
mediatek mt7629_firmware 2.0.2
mediatek mt7622_firmware 2.0.2
mediatek mt7628_firmware 2.0.2
CVE-2021-37571 HIGH

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek mt7615_firmware 2.0.2
mediatek mt7915_firmware 2.0.2
mediatek mt7603e_firmware 2.0.2
mediatek mt7613_firmware 2.0.2
mediatek mt7629_firmware 2.0.2
mediatek mt7622_firmware 2.0.2
mediatek mt7628_firmware 2.0.2
CVE-2021-37572 MEDIUM

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Missing authorization).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
mediatek mt7615_firmware 2.0.2
mediatek mt7915_firmware 2.0.2
mediatek mt7603e_firmware 2.0.2
mediatek mt7613_firmware 2.0.2
mediatek mt7629_firmware 2.0.2
mediatek mt7622_firmware 2.0.2
mediatek mt7628_firmware 2.0.2
CVE-2021-37583 HIGH

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek mt7615_firmware 2.0.2
mediatek mt7915_firmware 2.0.2
mediatek mt7603e_firmware 2.0.2
mediatek mt7613_firmware 2.0.2
mediatek mt7629_firmware 2.0.2
mediatek mt7622_firmware 2.0.2
mediatek mt7628_firmware 2.0.2
CVE-2021-37584 HIGH

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 8.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L 3.9 4.2
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.4.0.0
mediatek mt7628_firmware 7.4.0.0
mediatek mt7629_firmware 7.4.0.0
mediatek mt7622_firmware 7.4.0.0
mediatek mt7612_firmware 7.4.0.0
mediatek mt7615_firmware 7.4.0.0
mediatek mt7620_firmware 7.4.0.0
mediatek mt7610_firmware 7.4.0.0
mediatek mt7603e_firmware 7.4.0.0
mediatek mt7915_firmware 7.4.0.0
CVE-2021-40148 MEDIUM

In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-319,

Products Affected

Vendor Product Version
mediatek lr11 -
mediatek lr13 -
mediatek lr12 -
mediatek lr12a -
mediatek l9 *
mediatek nr15 -
CVE-2021-41788 HIGH

MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle attempts at Wi-Fi authentication flooding. (Affected Chipsets MT7603E, MT7612, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L 2.2 4.2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.4.0.0
mediatek mt7628_firmware 7.4.0.0
mediatek mt7629_firmware 7.4.0.0
mediatek mt7622_firmware 7.4.0.0
mediatek mt7612_firmware 7.4.0.0
mediatek mt7615_firmware 7.4.0.0
mediatek mt7603e_firmware 7.4.0.0
mediatek mt7915_firmware 7.4.0.0
CVE-2021-41789 MEDIUM

In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
mediatek mt7615_firmware 4.4.1.1
mediatek mt7622_firmware 4.4.1.1
CVE-2022-20083 HIGH

In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00803883; Issue ID: MOLY00803883.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek lr11 -
mediatek lr13 -
mediatek nr16 -
mediatek lr12 -
mediatek lr12a -
mediatek nr15 -
mediatek lr9 -
CVE-2022-21744 HIGH

In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour Cell Data (PNCD) improper neighbouring cell size with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00810064; Issue ID: ALPS06641626.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
mediatek lr11 -
mediatek lr13 -
mediatek nr16 -
mediatek lr12 -
mediatek lr12a -
mediatek nr15 -
mediatek lr9 -
CVE-2022-26437

In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
mediatek nbiot_sdk 2.8.1
CVE-2022-26438

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420013; Issue ID: GN20220420013.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek mt8981_firmware 7.6.2.3
mediatek mt7916_firmware 7.6.2.3
mediatek mt7622_firmware 7.6.2.3
mediatek mt7915_firmware 7.6.2.3
mediatek mt7613_firmware 7.6.2.3
mediatek mt7629_firmware 7.6.2.3
mediatek mt7620_firmware 7.6.2.3
mediatek mt7628_firmware 7.6.2.3
mediatek mt7610_firmware 7.6.2.3
mediatek mt7615_firmware 7.6.2.3
mediatek mt7603_firmware 7.6.2.3
mediatek mt7986_firmware 7.6.2.3
mediatek mt7612_firmware 7.6.2.3
CVE-2022-26439

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420020; Issue ID: GN20220420020.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek mt8981_firmware 7.6.2.3
mediatek mt7916_firmware 7.6.2.3
mediatek mt7622_firmware 7.6.2.3
mediatek mt7915_firmware 7.6.2.3
mediatek mt7613_firmware 7.6.2.3
mediatek mt7629_firmware 7.6.2.3
mediatek mt7620_firmware 7.6.2.3
mediatek mt7628_firmware 7.6.2.3
mediatek mt7610_firmware 7.6.2.3
mediatek mt7615_firmware 7.6.2.3
mediatek mt7603_firmware 7.6.2.3
mediatek mt7986_firmware 7.6.2.3
mediatek mt7612_firmware 7.6.2.3
CVE-2022-26440

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420037; Issue ID: GN20220420037.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek mt8981_firmware 7.6.2.3
mediatek mt7916_firmware 7.6.2.3
mediatek mt7622_firmware 7.6.2.3
mediatek mt7915_firmware 7.6.2.3
mediatek mt7613_firmware 7.6.2.3
mediatek mt7629_firmware 7.6.2.3
mediatek mt7620_firmware 7.6.2.3
mediatek mt7628_firmware 7.6.2.3
mediatek mt7610_firmware 7.6.2.3
mediatek mt7615_firmware 7.6.2.3
mediatek mt7603_firmware 7.6.2.3
mediatek mt7986_firmware 7.6.2.3
mediatek mt7612_firmware 7.6.2.3
CVE-2022-26441

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420044; Issue ID: GN20220420044.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek mt8981_firmware 7.6.2.3
mediatek mt7916_firmware 7.6.2.3
mediatek mt7622_firmware 7.6.2.3
mediatek mt7915_firmware 7.6.2.3
mediatek mt7613_firmware 7.6.2.3
mediatek mt7629_firmware 7.6.2.3
mediatek mt7620_firmware 7.6.2.3
mediatek mt7628_firmware 7.6.2.3
mediatek mt7610_firmware 7.6.2.3
mediatek mt7615_firmware 7.6.2.3
mediatek mt7603_firmware 7.6.2.3
mediatek mt7986_firmware 7.6.2.3
mediatek mt7612_firmware 7.6.2.3
CVE-2022-26442

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420051; Issue ID: GN20220420051.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek mt8981_firmware 7.6.2.3
mediatek mt7916_firmware 7.6.2.3
mediatek mt7622_firmware 7.6.2.3
mediatek mt7915_firmware 7.6.2.3
mediatek mt7613_firmware 7.6.2.3
mediatek mt7629_firmware 7.6.2.3
mediatek mt7620_firmware 7.6.2.3
mediatek mt7628_firmware 7.6.2.3
mediatek mt7610_firmware 7.6.2.3
mediatek mt7615_firmware 7.6.2.3
mediatek mt7603_firmware 7.6.2.3
mediatek mt7986_firmware 7.6.2.3
mediatek mt7612_firmware 7.6.2.3
CVE-2022-26443

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420068; Issue ID: GN20220420068.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek mt8981_firmware 7.6.2.3
mediatek mt7916_firmware 7.6.2.3
mediatek mt7622_firmware 7.6.2.3
mediatek mt7915_firmware 7.6.2.3
mediatek mt7613_firmware 7.6.2.3
mediatek mt7629_firmware 7.6.2.3
mediatek mt7620_firmware 7.6.2.3
mediatek mt7628_firmware 7.6.2.3
mediatek mt7610_firmware 7.6.2.3
mediatek mt7615_firmware 7.6.2.3
mediatek mt7603_firmware 7.6.2.3
mediatek mt7986_firmware 7.6.2.3
mediatek mt7612_firmware 7.6.2.3
CVE-2022-26444

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420075; Issue ID: GN20220420075.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek mt8981_firmware 7.6.2.3
mediatek mt7916_firmware 7.6.2.3
mediatek mt7622_firmware 7.6.2.3
mediatek mt7915_firmware 7.6.2.3
mediatek mt7613_firmware 7.6.2.3
mediatek mt7629_firmware 7.6.2.3
mediatek mt7620_firmware 7.6.2.3
mediatek mt7628_firmware 7.6.2.3
mediatek mt7610_firmware 7.6.2.3
mediatek mt7615_firmware 7.6.2.3
mediatek mt7603_firmware 7.6.2.3
mediatek mt7986_firmware 7.6.2.3
mediatek mt7612_firmware 7.6.2.3
CVE-2022-26445

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek mt8981_firmware 7.6.2.3
mediatek mt7916_firmware 7.6.2.3
mediatek mt7622_firmware 7.6.2.3
mediatek mt7915_firmware 7.6.2.3
mediatek mt7613_firmware 7.6.2.3
mediatek mt7629_firmware 7.6.2.3
mediatek mt7620_firmware 7.6.2.3
mediatek mt7628_firmware 7.6.2.3
mediatek mt7610_firmware 7.6.2.3
mediatek mt7615_firmware 7.6.2.3
mediatek mt7603_firmware 7.6.2.3
mediatek mt7986_firmware 7.6.2.3
mediatek mt7612_firmware 7.6.2.3
CVE-2022-26446

In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek lr13 -
mediatek nr16 -
mediatek lr12a -
mediatek nr15 -
CVE-2022-32654

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.6.6.0
mediatek mt7682_firmware 7.6.6.0
mediatek mt7921_firmware 7.6.6.0
mediatek mt5221_firmware 7.6.6.0
mediatek mt7902_firmware 7.6.6.0
mediatek mt8365_firmware 7.6.6.0
mediatek mt7915_firmware 7.6.6.0
mediatek mt7622_firmware 7.6.6.0
mediatek mt7615_firmware 7.6.6.0
mediatek mt7668_firmware 7.6.6.0
mediatek mt8385_firmware 7.6.6.0
mediatek mt8788_firmware 7.6.6.0
mediatek mt7629_firmware 7.6.6.0
mediatek mt7686_firmware 7.6.6.0
mediatek mt8532_firmware 7.6.6.0
mediatek mt7628_firmware 7.6.6.0
mediatek mt7663_firmware 7.6.6.0
mediatek mt8518s_firmware 7.6.6.0
mediatek mt8362a_firmware 7.6.6.0
mediatek mt7697_firmware 7.6.6.0
mediatek mt8167s_firmware 7.6.6.0
mediatek mt8696_firmware 7.6.6.0
mediatek mt8175_firmware 7.6.6.0
mediatek mt7603_firmware 7.6.6.0
mediatek mt7933_firmware 7.6.6.0
mediatek mt7916_firmware 7.6.6.0
mediatek mt7687_firmware 7.6.6.0
mediatek mt7986_firmware 7.6.6.0
mediatek mt8695_firmware 7.6.6.0
mediatek mt7981_firmware 7.6.6.0
CVE-2022-32655

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.6.6.0
mediatek mt7682_firmware 7.6.6.0
mediatek mt7921_firmware 7.6.6.0
mediatek mt5221_firmware 7.6.6.0
mediatek mt7902_firmware 7.6.6.0
mediatek mt8365_firmware 7.6.6.0
mediatek mt7915_firmware 7.6.6.0
mediatek mt7622_firmware 7.6.6.0
mediatek mt7615_firmware 7.6.6.0
mediatek mt7668_firmware 7.6.6.0
mediatek mt8385_firmware 7.6.6.0
mediatek mt8788_firmware 7.6.6.0
mediatek mt7629_firmware 7.6.6.0
mediatek mt7686_firmware 7.6.6.0
mediatek mt8532_firmware 7.6.6.0
mediatek mt7628_firmware 7.6.6.0
mediatek mt7663_firmware 7.6.6.0
mediatek mt8518s_firmware 7.6.6.0
mediatek mt8362a_firmware 7.6.6.0
mediatek mt7697_firmware 7.6.6.0
mediatek mt8167s_firmware 7.6.6.0
mediatek mt8696_firmware 7.6.6.0
mediatek mt8175_firmware 7.6.6.0
mediatek mt7603_firmware 7.6.6.0
mediatek mt7933_firmware 7.6.6.0
mediatek mt7916_firmware 7.6.6.0
mediatek mt7687_firmware 7.6.6.0
mediatek mt7986_firmware 7.6.6.0
mediatek mt8695_firmware 7.6.6.0
mediatek mt7981_firmware 7.6.6.0
CVE-2022-32656

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.6.6.0
mediatek mt7682_firmware 7.6.6.0
mediatek mt7921_firmware 7.6.6.0
mediatek mt5221_firmware 7.6.6.0
mediatek mt7902_firmware 7.6.6.0
mediatek mt8365_firmware 7.6.6.0
mediatek mt7915_firmware 7.6.6.0
mediatek mt7622_firmware 7.6.6.0
mediatek mt7615_firmware 7.6.6.0
mediatek mt7668_firmware 7.6.6.0
mediatek mt8385_firmware 7.6.6.0
mediatek mt8788_firmware 7.6.6.0
mediatek mt7629_firmware 7.6.6.0
mediatek mt7686_firmware 7.6.6.0
mediatek mt8532_firmware 7.6.6.0
mediatek mt7628_firmware 7.6.6.0
mediatek mt7663_firmware 7.6.6.0
mediatek mt8518s_firmware 7.6.6.0
mediatek mt8362a_firmware 7.6.6.0
mediatek mt7697_firmware 7.6.6.0
mediatek mt8167s_firmware 7.6.6.0
mediatek mt8696_firmware 7.6.6.0
mediatek mt8175_firmware 7.6.6.0
mediatek mt7603_firmware 7.6.6.0
mediatek mt7933_firmware 7.6.6.0
mediatek mt7916_firmware 7.6.6.0
mediatek mt7687_firmware 7.6.6.0
mediatek mt7986_firmware 7.6.6.0
mediatek mt8695_firmware 7.6.6.0
mediatek mt7981_firmware 7.6.6.0
CVE-2022-32657

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705042; Issue ID: GN20220705042.

Products Affected

Vendor Product Version
mediatek mt7915_firmware 7.6.6.0
mediatek mt7613_firmware 7.6.6.0
mediatek mt7628_firmware 7.6.6.0
mediatek mt7622_firmware 7.6.6.0
mediatek mt7615_firmware 7.6.6.0
mediatek mt7986_firmware 7.6.6.0
mediatek mt7629_firmware 7.6.6.0
mediatek mt7603_firmware 7.6.6.0
mediatek mt7916_firmware 7.6.6.0
mediatek mt7981_firmware 7.6.6.0
CVE-2022-32658

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705059; Issue ID: GN20220705059.

Products Affected

Vendor Product Version
mediatek mt7915_firmware 7.6.6.0
mediatek mt7613_firmware 7.6.6.0
mediatek mt7628_firmware 7.6.6.0
mediatek mt7622_firmware 7.6.6.0
mediatek mt7615_firmware 7.6.6.0
mediatek mt7986_firmware 7.6.6.0
mediatek mt7629_firmware 7.6.6.0
mediatek mt7603_firmware 7.6.6.0
mediatek mt7916_firmware 7.6.6.0
mediatek mt7981_firmware 7.6.6.0
CVE-2022-32659

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705066; Issue ID: GN20220705066.

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.6.6.0
mediatek mt7628_firmware 7.6.6.0
mediatek mt8518s_firmware 7.6.6.0
mediatek mt7603_firmware 7.6.6.0
mediatek mt7916_firmware 7.6.6.0
mediatek mt7915_firmware 7.6.6.0
thelinuxfoundation yocto 3.1
mediatek mt7622_firmware 7.6.6.0
thelinuxfoundation yocto 3.3
mediatek mt7615_firmware 7.6.6.0
mediatek mt7986_firmware 7.6.6.0
mediatek mt7629_firmware 7.6.6.0
mediatek mt7981_firmware 7.6.6.0
mediatek mt8532_firmware 7.6.6.0
CVE-2022-32663

In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220720014; Issue ID: GN20220720014.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek mt8167s_firmware 7.6.6.1
mediatek mt7916_firmware 7.6.6.1
mediatek mt7986_firmware 7.6.6.1
mediatek mt7615_firmware 7.6.6.1
mediatek mt7628_firmware 7.6.6.1
mediatek mt8385_firmware 7.6.6.1
mediatek mt7622_firmware 7.6.6.1
mediatek mt7902_firmware 7.6.6.1
mediatek mt5221_firmware 7.6.6.1
mediatek mt7603_firmware 7.6.6.1
mediatek mt8362a_firmware 7.6.6.1
mediatek mt8532_firmware 7.6.6.1
mediatek mt7921_firmware 7.6.6.1
mediatek mt7915_firmware 7.6.6.1
mediatek mt7613_firmware 7.6.6.1
mediatek mt7629_firmware 7.6.6.1
mediatek mt8175_firmware 7.6.6.1
mediatek mt7668_firmware 7.6.6.1
mediatek mt7981_firmware 7.6.6.1
mediatek mt8365_firmware 7.6.6.1
mediatek mt8518s_firmware 7.6.6.1
mediatek mt8788_firmware 7.6.6.1
CVE-2022-32664

In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.

Products Affected

Vendor Product Version
mediatek linkit_software_development_kit *
CVE-2022-32665

In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.

Products Affected

Vendor Product Version
mediatek linkit_software_development_kit *
CVE-2022-32666

In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014.

Products Affected

Vendor Product Version
mediatek mt7613_firmware 7.6.6.0
mediatek mt7628_firmware 7.6.6.0
mediatek mt7603_firmware 7.6.6.0
mediatek mt7916_firmware 7.6.6.0
mediatek mt8365_firmware 7.6.6.0
mediatek mt7915_firmware 7.6.6.0
linuxfoundation yocto 4.0
mediatek mt7622_firmware 7.6.6.0
mediatek mt7615_firmware 7.6.6.0
mediatek mt7986_firmware 7.6.6.0
mediatek mt7629_firmware 7.6.6.0
mediatek mt7981_firmware 7.6.6.0
CVE-2023-20673

In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103.

Products Affected

Vendor Product Version
mediatek iot_yocto 22.2
google android 12.0
google android 11.0
google android 13.0
CVE-2023-20702

In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2023-20812

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944987; Issue ID: ALPS07944987.

Products Affected

Vendor Product Version
mediatek iot_yocto 23.0
google android 13.0
CVE-2023-20819

In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID: ALPS08010003.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek lr11 -
mediatek lr13 -
mediatek nr16 -
mediatek nr17 -
mediatek lr12a -
mediatek nr15 -
CVE-2023-20835

In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9
nvd@nist.gov 6.4 MEDIUM CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.5 5.9

Products Affected

Vendor Product Version
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 13.0
CVE-2023-20839

In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.6 3.6

Products Affected

Vendor Product Version
linux linux_kernel 6.1
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 11.0
CVE-2023-20840

In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

Products Affected

Vendor Product Version
linux linux_kernel 6.1
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 11.0
CVE-2023-20841

In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

Products Affected

Vendor Product Version
linux linux_kernel 6.1
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 11.0
CVE-2023-20842

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

Products Affected

Vendor Product Version
linux linux_kernel 6.1
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 11.0
CVE-2023-20843

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.6 3.6

Products Affected

Vendor Product Version
linux linux_kernel 6.1
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 11.0
CVE-2023-20844

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.6 3.6

Products Affected

Vendor Product Version
linux linux_kernel 6.1
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 11.0
CVE-2023-20845

In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.6 3.6

Products Affected

Vendor Product Version
linux linux_kernel 6.1
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 11.0
CVE-2023-20846

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID: ALPS07340098.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N 0.6 3.6

Products Affected

Vendor Product Version
linux linux_kernel 6.1
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 11.0
CVE-2023-20847

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H 0.6 3.6

Products Affected

Vendor Product Version
linux linux_kernel 6.1
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 11.0
CVE-2023-20848

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

Products Affected

Vendor Product Version
linux linux_kernel 6.1
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 11.0
CVE-2023-20849

In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

Products Affected

Vendor Product Version
linux linux_kernel 6.1
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 11.0
CVE-2023-20850

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

Products Affected

Vendor Product Version
linux linux_kernel 6.1
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 11.0
CVE-2023-32806

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
linuxfoundation yocto 4.0
openwrt openwrt 21.02.0
mediatek iot_yocto 23.0
google android 12.0
google android 13.0
CVE-2023-32807

In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588360; Issue ID: ALPS07588360.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 0.8 3.6

Products Affected

Vendor Product Version
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 13.0
CVE-2023-32811

In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 13.0
CVE-2023-32820

In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
linuxfoundation yocto 3.3
linux linux_kernel 4.19
mediatek iot_yocto 23.0
google android 12.0
google android 11.0
google android 13.0
linuxfoundation yocto 3.1
CVE-2023-32828

In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek iot_yocto 23.0
google android 12.0
CVE-2023-32829

In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
linuxfoundation yocto 3.3
linuxfoundation yocto 4.0
mediatek iot_yocto 23.0
google android 12.0
google android 13.0
linuxfoundation yocto 3.1
CVE-2023-32831

In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
mediatek software_development_kit *
CVE-2023-32840

In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 0.6 5.9

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek lr12a -
mediatek nr15 -
CVE-2023-32841

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01128524 (MSV-846).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2023-32842

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130256; Issue ID: MOLY01130256 (MSV-848).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2023-32843

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130204; Issue ID: MOLY01130204 (MSV-849).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2023-32844

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01130183 (MSV-850).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2023-32845

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01139296 (MSV-860).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2023-32846

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY01138453 (MSV-861).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2023-32874

In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
mediatek lr13 -
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2023-32886

In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2023-32887

In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2023-32888

In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2023-32890

In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek lr13 -
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2023-32891

In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek lr13 -
mediatek nr16 -
mediatek nr17 -
google android 12.0
google android 11.0
google android 13.0
mediatek nr15 -
CVE-2024-20003

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2024-20004

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2024-20017

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2024-20018

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00348479; Issue ID: MSV-1019.

Products Affected

Vendor Product Version
mediatek software_development_kit *
CVE-2024-20019

In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00351241; Issue ID: MSV-1173.

Products Affected

Vendor Product Version
mediatek software_package *
CVE-2024-20039

In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01240012; Issue ID: MSV-1215.

Products Affected

Vendor Product Version
mediatek lr13 -
mediatek nr16 -
mediatek nr17 -
mediatek lr12a -
mediatek nr15 -
CVE-2024-20055

In imgsys, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation Patch ID: ALPS08518692; Issue ID: MSV-1012.

Products Affected

Vendor Product Version
linuxfoundation yocto 4.0
mediatek iot_yocto 23.2
google android 12.0
google android 13.0
CVE-2024-20066

In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01267281; Issue ID: MSV-1477.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
CVE-2024-20067

In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issue ID: MSV-1462.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
CVE-2024-20068

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01270721; Issue ID: MSV-1479.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
CVE-2024-20069

In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430.

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2024-20070

In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2024-20071

In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331.

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
openwrt openwrt 23.05
CVE-2024-20072

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID: MSV-1332.

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
openwrt openwrt 23.05
CVE-2024-20073

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00367704; Issue ID: MSV-1411.

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2024-20076

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297806; Issue ID: MSV-1481.

Products Affected

Vendor Product Version
mediatek lr12a -
CVE-2024-20077

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID: MSV-1482.

Products Affected

Vendor Product Version
mediatek lr12a -
CVE-2024-20082

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2024-20094

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535.

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2024-20100

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603.

Products Affected

Vendor Product Version
google android 14.0
google android 12.0
mediatek software_development_kit *
google android 13.0
mediatek iot_yocto 24.0
CVE-2024-20101

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602.

Products Affected

Vendor Product Version
google android 14.0
google android 15.0
mediatek software_development_kit *
google android 13.0
CVE-2024-20103

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599.

Products Affected

Vendor Product Version
google android 14.0
google android 15.0
mediatek software_development_kit *
google android 13.0
CVE-2024-20131

In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1873.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
CVE-2024-20132

In Modem, there is a possible out of bonds write due to a mission bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00957388; Issue ID: MSV-1872.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek nr16 -
CVE-2024-20133

In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1871.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
mediatek nr16 -
CVE-2024-20138

In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
google android 14.0
google android 15.0
mediatek software_development_kit *
google android 13.0
CVE-2024-20139

In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
linuxfoundation yocto 3.3
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
linuxfoundation yocto 5.0
mediatek software_development_kit *
openwrt openwrt 23.05.0
google android 13.0
CVE-2024-20146

In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
linuxfoundation yocto 3.3
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
linuxfoundation yocto 5.0
mediatek software_development_kit *
google android 13.0
openwrt openwrt 23.05
CVE-2024-20147

In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

Products Affected

Vendor Product Version
linuxfoundation yocto 3.3
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
linuxfoundation yocto 5.0
mediatek software_development_kit *
google android 13.0
openwrt openwrt 23.05
CVE-2024-20148

In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
linuxfoundation yocto 3.3
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
linuxfoundation yocto 5.0
mediatek software_development_kit *
google android 13.0
CVE-2024-20149

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01231341 / MOLY01263331 / MOLY01233835; Issue ID: MSV-2165.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek lr13 -
mediatek nr16 -
mediatek lr12 -
mediatek nr17.r1 -
mediatek nr17.r2 *
mediatek nr15 -
CVE-2024-20150

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01412526; Issue ID: MSV-2018.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek lr13 -
mediatek nr16 -
mediatek nr17 -
mediatek lr12a -
mediatek nr15 -
CVE-2024-20153

In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08990446 / ALPS09057442; Issue ID: MSV-1598.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
linuxfoundation yocto 3.3
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
linuxfoundation yocto 5.0
mediatek software_development_kit *
CVE-2024-20154

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
mediatek lr13 -
mediatek lr12a -
mediatek nr16.r1.mp -
mediatek nr16.r2.mp -
mediatek nr16.r1.mp1mp2.mp -
CVE-2025-20631

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
mediatek software_development_kit *
CVE-2025-20632

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397139; Issue ID: MSV-2188.

Products Affected

Vendor Product Version
mediatek software_development_kit *
CVE-2025-20634

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
CVE-2025-20644

In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr15 -
CVE-2025-20646

In wlan AP FW, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389074; Issue ID: MSV-1803.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
mediatek software_development_kit *
CVE-2025-20647

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00791311 / MOLY01067019; Issue ID: MSV-2721.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr12a -
mediatek nr16 -
mediatek nr13 -
mediatek nr15 -
CVE-2025-20649

In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue ID: MSV-2184.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
mediatek software_development_kit *
openwrt openwrt 23.05
CVE-2025-20659

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
mediatek mt6765_firmware -
mediatek mt6875_firmware -
mediatek mt6877tt_firmware -
mediatek mt6878m_firmware -
mediatek mt6893_firmware -
mediatek mt8676_firmware -
mediatek mt6785t_firmware -
mediatek mt2735_firmware -
mediatek mt6763_firmware -
mediatek mt6891_firmware -
mediatek mt6768_firmware -
mediatek mt6855t_firmware -
mediatek mt6886_firmware -
mediatek mt6783_firmware -
mediatek mt6879_firmware -
mediatek mt6985_firmware -
mediatek mt8796_firmware -
mediatek mt6853_firmware -
mediatek mt8771_firmware -
mediatek mt8788e_firmware -
mediatek mt6739_firmware -
mediatek mt8675_firmware -
mediatek mt6769s_firmware -
mediatek mt6779_firmware -
mediatek mt6813_firmware -
mediatek mt6781_firmware -
mediatek mt6853t_firmware -
mediatek mt6989t_firmware -
mediatek mt8766_firmware -
mediatek mt6765t_firmware -
mediatek mt6769t_firmware -
mediatek mt6855_firmware -
mediatek mt8673_firmware -
mediatek mt8863_firmware -
mediatek mt6897_firmware -
mediatek mt6762_firmware -
mediatek mt6835t_firmware -
mediatek mt6983t_firmware -
mediatek mt6989_firmware -
mediatek mt6762m_firmware -
mediatek mt8765_firmware -
mediatek mt6896_firmware -
mediatek mt6762d_firmware -
mediatek mt8797_firmware -
mediatek mt8666_firmware -
mediatek mt6885_firmware -
mediatek mt6895tt_firmware -
mediatek mt6873_firmware -
mediatek mt8798_firmware -
mediatek mt6785u_firmware -
mediatek mt6890_firmware -
mediatek mt6895_firmware -
mediatek mt6880_firmware -
mediatek mt6833_firmware -
mediatek mt8788_firmware -
mediatek mt8791t_firmware -
mediatek mt6835_firmware -
mediatek mt8678_firmware -
mediatek mt8667_firmware -
mediatek mt6767_firmware -
mediatek mt2737_firmware -
mediatek mt6877_firmware -
mediatek mt6980_firmware -
mediatek mt6899_firmware -
mediatek mt6769z_firmware -
mediatek mt8781_firmware -
mediatek mt6878_firmware -
mediatek mt8786_firmware -
mediatek mt6769k_firmware -
mediatek mt6883_firmware -
mediatek mt6889_firmware -
mediatek mt6769_firmware -
mediatek mt6771_firmware -
mediatek mt6990_firmware -
mediatek mt6877t_firmware -
mediatek mt8768_firmware -
mediatek mt6761_firmware -
mediatek mt6833p_firmware -
mediatek mt6980d_firmware -
mediatek mt6785_firmware -
mediatek mt6875t_firmware -
mediatek mt6789_firmware -
mediatek mt6983_firmware -
mediatek mt6985t_firmware -
mediatek mt6991_firmware -
CVE-2025-20666

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2025-20667

In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
mediatek lr13 -
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek lr12a -
mediatek nr15 -
CVE-2025-20670

In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H 2.1 3.6
nvd@nist.gov 5.7 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N 2.1 3.6

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
CVE-2025-20672

In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412257; Issue ID: MSV-3292.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
mediatek mt7922_firmware *
mediatek mt7921_firmware *
mediatek mt7925_firmware *
mediatek mt7927_firmware *
mediatek mt7902_firmware *
CVE-2025-20673

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
mediatek mt7922_firmware *
mediatek mt7921_firmware *
mediatek mt7925_firmware *
mediatek mt7927_firmware *
mediatek mt7902_firmware *
CVE-2025-20674

In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
mediatek mt7993_firmware 7.6.7.2
mediatek mt7986_firmware 7.6.7.2
openwrt openwrt 19.07.0
mediatek mt7981_firmware 7.6.7.2
mediatek software_development_kit *
mediatek mt7916_firmware 7.6.7.2
openwrt openwrt 23.05
mediatek mt7990_firmware 7.6.7.2
mediatek mt7992_firmware 7.6.7.2
mediatek mt7915_firmware 7.6.7.2
CVE-2025-20675

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-3302.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
mediatek mt7922_firmware *
mediatek mt7921_firmware *
mediatek mt7925_firmware *
mediatek mt7927_firmware *
mediatek mt7902_firmware *
CVE-2025-20676

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412240; Issue ID: MSV-3293.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
mediatek nbiot_sdk *
CVE-2025-20677

In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412256; Issue ID: MSV-3284.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
mediatek nbiot_sdk *
CVE-2025-20678

In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek lr13 -
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek lr12a -
mediatek nr15 -
CVE-2025-20680

In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418044; Issue ID: MSV-3482.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
mediatek nbiot_sdk *
CVE-2025-20681

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416936; Issue ID: MSV-3446.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20682

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416937; Issue ID: MSV-3445.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20683

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416938; Issue ID: MSV-3444.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20684

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416939; Issue ID: MSV-3422.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
mediatek software_development_kit *
CVE-2025-20685

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416226; Issue ID: MSV-3409.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20686

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415570; Issue ID: MSV-3404.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20687

In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418045; Issue ID: MSV-3481.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

Products Affected

Vendor Product Version
mediatek nbiot_sdk *
CVE-2025-20688

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418047; Issue ID: MSV-3480.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20689

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418048; Issue ID: MSV-3479.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20690

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418038; Issue ID: MSV-3478.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20691

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418039; Issue ID: MSV-3477.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20692

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418040; Issue ID: MSV-3476.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20693

In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
linuxfoundation yocto 4.0
openwrt openwrt 21.02.0
google android 14.0
google android 15.0
mediatek software_development_kit *
google android 13.0
openwrt openwrt 23.05
CVE-2025-20694

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
google android 14.0
google android 15.0
mediatek software_development_kit *
google android 13.0
openwrt openwrt 23.05
CVE-2025-20695

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
google android 14.0
google android 15.0
mediatek software_development_kit *
google android 13.0
openwrt openwrt 23.05
CVE-2025-20703

In Modem, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01599794; Issue ID: MSV-3708.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek nr15 -
CVE-2025-20704

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01516959; Issue ID: MSV-3502.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
mediatek nr17 -
mediatek nr17r -
CVE-2025-20708

In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01123853; Issue ID: MSV-4131.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek nr15 -
CVE-2025-20709

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415809; Issue ID: MSV-3405.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20710

In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418785; Issue ID: MSV-3515.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20711

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422399; Issue ID: MSV-3748.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20712

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422323; Issue ID: MSV-3810.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
mediatek software_development_kit *
openwrt openwrt 23.05
CVE-2025-20713

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00432661; Issue ID: MSV-3904.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20714

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00432659; Issue ID: MSV-3902.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20715

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00421152; Issue ID: MSV-3731.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20716

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00421149; Issue ID: MSV-3728.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20717

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00419946; Issue ID: MSV-3582.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20718

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00419945; Issue ID: MSV-3581.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20719

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418955; Issue ID: MSV-3570.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20720

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418954; Issue ID: MSV-3569.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20721

In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10089545; Issue ID: MSV-4279.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
mediatek iot_yocto 25.0
google android 14.0
google android 15.0
google android 13.0
google android 16.0
CVE-2025-20724

In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418894; Issue ID: MSV-3475.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20725

In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01671924; Issue ID: MSV-4620.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek lr12a -
mediatek nr15 -
CVE-2025-20726

In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek lr12a -
mediatek nr15 -
CVE-2025-20727

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek lr12a -
mediatek nr15 -
CVE-2025-20728

In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00447115; Issue ID: MSV-4276.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
mediatek software_development_kit 3.7
CVE-2025-20729

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00441512; Issue ID: MSV-4153.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 0.8 3.4

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20731

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege (when OceReducedNeighborReport is disabled). User interaction is not needed for exploitation. Patch ID: WCNCR00441511; Issue ID: MSV-4140.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20732

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege (when OceReducedNeighborReport is disabled). User interaction is not needed for exploitation. Patch ID: WCNCR00441510; Issue ID: MSV-4139.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20733

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00441509; Issue ID: MSV-4138.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20734

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00441507; Issue ID: MSV-4112.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20735

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435349; Issue ID: MSV-4051.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20736

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435347; Issue ID: MSV-4049.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20737

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435343; Issue ID: MSV-4040.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20738

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435342; Issue ID: MSV-4039.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20739

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435340; Issue ID: MSV-4038.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20740

In wlan STA driver, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435337; Issue ID: MSV-4036.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.7 MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N 1.0 3.6

Products Affected

Vendor Product Version
mediatek software_development_kit *
CVE-2025-20741

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00434422; Issue ID: MSV-3958.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20742

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00432680; Issue ID: MSV-3949.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.0 HIGH CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.1 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20748

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00432679; Issue ID: MSV-3950.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
CVE-2025-20750

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661199; Issue ID: MSV-4296.

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2025-20751

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661195; Issue ID: MSV-4297.

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2025-20752

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek nr15 -
CVE-2025-20753

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689252; Issue ID: MSV-4841.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr15 -
CVE-2025-20754

In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek nr15 -
CVE-2025-20755

In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00628396; Issue ID: MSV-4775.

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2025-20756

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673749; Issue ID: MSV-4643.

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2025-20757

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673751; Issue ID: MSV-4644.

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2025-20758

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek nr15 -
CVE-2025-20759

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673760; Issue ID: MSV-4650.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr15 -
CVE-2025-20760

In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01676750; Issue ID: MSV-4653.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2025-20761

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01311265; Issue ID: MSV-4655.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr15 -
CVE-2025-20762

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01685181; Issue ID: MSV-4760.

Products Affected

Vendor Product Version
mediatek nr17 -
CVE-2025-20790

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01677581; Issue ID: MSV-4701.

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2025-20791

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661189; Issue ID: MSV-4298.

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2025-20792

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01717526; Issue ID: MSV-5591.

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2025-20793

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek nr15 -
CVE-2025-20794

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek nr15 -
CVE-2026-20401

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933.

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2026-20402

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00693083; Issue ID: MSV-5928.

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2026-20403

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek nr15 -
CVE-2026-20404

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek nr15 -
CVE-2026-20405

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek nr15 -
CVE-2026-20406

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek nr15 -
CVE-2026-20419

In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR00463309; Issue ID: MSV-4852.

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
mediatek nbiot_sdk *
CVE-2026-20420

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek nr15 -
CVE-2026-20421

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738293; Issue ID: MSV-5922.

Products Affected

Vendor Product Version
mediatek nr15 -
CVE-2026-20422

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919.

Products Affected

Vendor Product Version
mediatek nr16 -
mediatek nr17 -
mediatek nr17r -
mediatek nr15 -
CVE-2026-20423

In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465314; Issue ID: MSV-4956.

Products Affected

Vendor Product Version
mediatek nbiot_sdk *
CVE-2026-20430

In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00467553; Issue ID: MSV-5151.

Products Affected

Vendor Product Version
openwrt openwrt 21.02.0
openwrt openwrt 19.07.0
mediatek software_development_kit *
openwrt openwrt 23.05.0
CVE-2026-20434

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY00782946; Issue ID: MSV-4135.

Products Affected

Vendor Product Version
mediatek lr13 -
mediatek nr16 -
mediatek nr17 -
mediatek lr12a -
mediatek nr15 -