#VU71986 Input validation error in MediaTek products - CVE-2022-32655
Published: February 7, 2023
Vulnerability identifier: #VU71986
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-32655
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
MT5221
MT7603
MT7613
MT7615
MT7622
MT7628
MT7629
MT7663
MT7668
MT7682
MT7686
MT7687
MT7697
MT7902
MT7915
MT7916
MT7921
MT7933
MT7981
MT7986
MT8167S
MT8175
MT8362A
MT8365
MT8385
MT8532
MT8695
MT8696
MT8788
MT8518S
MT5221
MT7603
MT7613
MT7615
MT7622
MT7628
MT7629
MT7663
MT7668
MT7682
MT7686
MT7687
MT7697
MT7902
MT7915
MT7916
MT7921
MT7933
MT7981
MT7986
MT8167S
MT8175
MT8362A
MT8365
MT8385
MT8532
MT8695
MT8696
MT8788
MT8518S
Software vendor:
MediaTek
MediaTek
Description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to incorrect error handling in Wi-Fi driver. A local user can pass specially crafted input to the application and gain elevated privileges on the target system.
Remediation
Install updates from vendor's website.