MidnightBSD

Advisories for rdkcentral

CVE-2019-6961 MEDIUM

Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
rdkcentral rdkb_ccsppandm rdkb-20181217-1
CVE-2019-6962 HIGH

A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
rdkcentral rdkb_ccsppandm rdkb-20181217-1
CVE-2019-6963 MEDIUM

A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787,

Products Affected

Vendor Product Version
rdkcentral rdkb_ccsppandm rdkb-20181217-1
CVE-2019-6964 MEDIUM

A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an AJAX call responsible for DDNS configuration with an exactly 64-byte username, password, or domain, for which the buffer size is insufficient for the final '\0' character. This is related to the CcspCommonLibrary and WebUI modules.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
rdkcentral rdkb_ccsppandm rdkb-20181217-1
CVE-2023-20725

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only); Issue ID: ALPS07734004 / ALPS07874358 (For MT6880, MT6890, MT6980, MT6990 only).

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
CVE-2023-20726

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
rdkcentral rdkb 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 2.6
google android 11.0
CVE-2023-20790

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194.

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 2.6
CVE-2023-20796

In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790.

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 2.6
CVE-2023-20821

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 2.6
google android 11.0
CVE-2023-20828

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 2.6
CVE-2023-20829

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 2.6
CVE-2023-20830

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 2.6
CVE-2023-20831

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014162.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 2.6
CVE-2023-20832

In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 2.6
CVE-2023-32855

In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
openwrt openwrt 21.02
rdkcentral rdk-b 2022q3
google android 12.0
linuxfoundation yocto 2.6
linuxfoundation yocto 4.0
CVE-2023-32871

In DA, there is a possible permission bypass due to an incorrect status check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355514; Issue ID: ALPS08355514.

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
CVE-2024-20006

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 11.0
CVE-2024-20023

In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
google android 14.0
CVE-2024-20040

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 4.0
google android 14.0
linux linux_kernel 4.19
CVE-2024-20049

In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541765; Issue ID: ALPS08541765.

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
CVE-2024-20050

In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541757.

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
google android 14.0
CVE-2024-20051

In flashc, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541758.

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
google android 14.0
CVE-2024-20052

In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541761.

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
google android 14.0
CVE-2024-20053

In flashc, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541757; Issue ID: ALPS08541764.

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
google android 14.0
CVE-2024-20054

In gnss, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580200; Issue ID: ALPS08580200.

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
linuxfoundation yocto 2.6
google android 14.0
CVE-2024-20056

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185.

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 19.07.0
openwrt openwrt 23.05
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
google android 14.0
CVE-2024-20080

In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08720039; Issue ID: MSV-1424.

Products Affected

Vendor Product Version
google android 13.0
linuxfoundation yocto 3.3
rdkcentral rdk-b 2022q3
linuxfoundation yocto 2.6
linuxfoundation yocto 4.0
google android 14.0
CVE-2024-20084

In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561.

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 22.03.5
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
openwrt openwrt 21.02
rdkcentral rdk-b 2022q3
linuxfoundation yocto 2.6
linuxfoundation yocto 4.0
google android 14.0
CVE-2024-20085

In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560.

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 22.03.5
linuxfoundation yocto 3.3
openwrt openwrt 19.07.0
openwrt openwrt 21.02
rdkcentral rdk-b 2022q3
linuxfoundation yocto 2.6
linuxfoundation yocto 4.0
google android 14.0
CVE-2024-20104

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 19.07.0
openwrt openwrt 23.05
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
rdkcentral rdk-b 2024q1
CVE-2024-20107

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09124360; Issue ID: MSV-1823.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 19.07.0
openwrt openwrt 23.05
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
rdkcentral rdk-b 2024q1
CVE-2024-20136

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 19.07.0
openwrt openwrt 23.05
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
google android 14.0
google android 15.0
rdkcentral rdk-b 2024q1
CVE-2024-20143

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2069.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.7 5.9

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 19.07.0
openwrt openwrt 23.05
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
google android 12.0
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
rdkcentral rdk-b 2024q1
CVE-2024-20144

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2041.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.7 5.9

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 19.07.0
openwrt openwrt 23.05
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
rdkcentral rdk-b 2024q1
CVE-2024-20145

In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940; Issue ID: MSV-2040.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.6 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.7 5.9

Products Affected

Vendor Product Version
openwrt openwrt 19.07.0
openwrt openwrt 23.05
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
rdkcentral rdk-b 2024q1
CVE-2025-20650

In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 23.05
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
rdkcentral rdk-b 2024q1
CVE-2025-20651

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.1 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 0.7 3.4

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 23.05
rdkcentral rdk-b 2022q3
openwrt openwrt 21.02.0
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
rdkcentral rdk-b 2024q1
CVE-2025-20696

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.8 MEDIUM CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.9 5.9

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 23.05
openwrt openwrt 21.02.0
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
rdkcentral rdk-b 2024q1
zephyrproject zephyr 3.7.0
CVE-2025-20722

In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920036; Issue ID: MSV-3798.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openwrt openwrt 23.05
openwrt openwrt 21.02.0
google android 14.0
google android 15.0
rdkcentral rdk-b 2024q1
CVE-2025-20730

In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10068463; Issue ID: MSV-4141.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
google android 13.0
openwrt openwrt 23.05.0
openwrt openwrt 21.02.0
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
rdkcentral rdk-b 2024q1
google android 16.0
CVE-2025-20746

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010441; Issue ID: MSV-3967.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 23.05.0
openwrt openwrt 21.02.0
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
rdkcentral rdk-b 2024q1
zephyrproject zephyr 3.7.0
CVE-2025-20747

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010443; Issue ID: MSV-3966.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.7 MEDIUM CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 0.8 5.9

Products Affected

Vendor Product Version
openwrt openwrt 23.05.0
openwrt openwrt 21.02.0
linuxfoundation yocto 4.0
google android 14.0
google android 15.0
rdkcentral rdk-b 2024q1
zephyrproject zephyr 3.7.0