Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-862,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rdkcentral | rdkb_ccsppandm | rdkb-20181217-1 |
A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rdkcentral | rdkb_ccsppandm | rdkb-20181217-1 |
A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rdkcentral | rdkb_ccsppandm | rdkb-20181217-1 |
A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an AJAX call responsible for DDNS configuration with an exactly 64-byte username, password, or domain, for which the buffer size is insufficient for the final '\0' character. This is related to the CcspCommonLibrary and WebUI modules.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-125,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| rdkcentral | rdkb_ccsppandm | rdkb-20181217-1 |
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 |
In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdkb | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 2.6 |
| android | 11.0 |
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 2.6 |
In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 2.6 |
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 2.6 |
| android | 11.0 |
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 2.6 |
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 2.6 |
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 2.6 |
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014162.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 2.6 |
In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 2.6 |
In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| openwrt | openwrt | 21.02 |
| rdkcentral | rdk-b | 2022q3 |
| android | 12.0 | |
| linuxfoundation | yocto | 2.6 |
| linuxfoundation | yocto | 4.0 |
In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 |
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 11.0 |
In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| android | 14.0 |
In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| linux | linux_kernel | 4.19 |
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 |
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| android | 14.0 |
In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| android | 14.0 |
In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541761.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| android | 14.0 |
In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541764.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| android | 14.0 |
In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| linuxfoundation | yocto | 2.6 |
| android | 14.0 |
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 19.07.0 |
| openwrt | openwrt | 23.05 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| android | 14.0 |
In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| linuxfoundation | yocto | 3.3 |
| rdkcentral | rdk-b | 2022q3 |
| linuxfoundation | yocto | 2.6 |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 |
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 22.03.5 |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| openwrt | openwrt | 21.02 |
| rdkcentral | rdk-b | 2022q3 |
| linuxfoundation | yocto | 2.6 |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 |
In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 22.03.5 |
| linuxfoundation | yocto | 3.3 |
| openwrt | openwrt | 19.07.0 |
| openwrt | openwrt | 21.02 |
| rdkcentral | rdk-b | 2022q3 |
| linuxfoundation | yocto | 2.6 |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 |
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 19.07.0 |
| openwrt | openwrt | 23.05 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 | |
| rdkcentral | rdk-b | 2024q1 |
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09124360; Issue ID: MSV-1823.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.5 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 19.07.0 |
| openwrt | openwrt | 23.05 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 | |
| rdkcentral | rdk-b | 2024q1 |
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.5 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 19.07.0 |
| openwrt | openwrt | 23.05 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| android | 14.0 | |
| android | 15.0 | |
| rdkcentral | rdk-b | 2024q1 |
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2069.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.7 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 19.07.0 |
| openwrt | openwrt | 23.05 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| android | 12.0 | |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 | |
| rdkcentral | rdk-b | 2024q1 |
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2041.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.7 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 19.07.0 |
| openwrt | openwrt | 23.05 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 | |
| rdkcentral | rdk-b | 2024q1 |
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940; Issue ID: MSV-2040.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 0.7 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openwrt | openwrt | 19.07.0 |
| openwrt | openwrt | 23.05 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 | |
| rdkcentral | rdk-b | 2024q1 |
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 23.05 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 | |
| rdkcentral | rdk-b | 2024q1 |
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.1 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 0.7 | 3.4 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 23.05 |
| rdkcentral | rdk-b | 2022q3 |
| openwrt | openwrt | 21.02.0 |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 | |
| rdkcentral | rdk-b | 2024q1 |
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 23.05 |
| openwrt | openwrt | 21.02.0 |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 | |
| rdkcentral | rdk-b | 2024q1 |
| zephyrproject | zephyr | 3.7.0 |
In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920036; Issue ID: MSV-3798.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openwrt | openwrt | 23.05 |
| openwrt | openwrt | 21.02.0 |
| android | 14.0 | |
| android | 15.0 | |
| rdkcentral | rdk-b | 2024q1 |
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| android | 13.0 | |
| openwrt | openwrt | 23.05.0 |
| openwrt | openwrt | 21.02.0 |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 | |
| rdkcentral | rdk-b | 2024q1 |
| android | 16.0 |
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010441; Issue ID: MSV-3967.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openwrt | openwrt | 23.05.0 |
| openwrt | openwrt | 21.02.0 |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 | |
| rdkcentral | rdk-b | 2024q1 |
| zephyrproject | zephyr | 3.7.0 |
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010443; Issue ID: MSV-3966.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openwrt | openwrt | 23.05.0 |
| openwrt | openwrt | 21.02.0 |
| linuxfoundation | yocto | 4.0 |
| android | 14.0 | |
| android | 15.0 | |
| rdkcentral | rdk-b | 2024q1 |
| zephyrproject | zephyr | 3.7.0 |