Vulnerability identifier: #VU67844

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32589

CWE-ID: CWE-404

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
MT6761
Mobile applications / Mobile firmware & hardware
MT6762
Mobile applications / Mobile firmware & hardware
MT6765
Mobile applications / Mobile firmware & hardware
MT6768
Mobile applications / Mobile firmware & hardware
MT6789
Mobile applications / Mobile firmware & hardware
MT6833
Mobile applications / Mobile firmware & hardware
MT6879
Mobile applications / Mobile firmware & hardware
MT6895
Mobile applications / Mobile firmware & hardware
MT6983
Mobile applications / Mobile firmware & hardware
MT7663
Mobile applications / Mobile firmware & hardware
MT7668
Mobile applications / Mobile firmware & hardware
MT7902
Mobile applications / Mobile firmware & hardware
MT7921
Mobile applications / Mobile firmware & hardware
MT8167S
Mobile applications / Mobile firmware & hardware
MT8175
Mobile applications / Mobile firmware & hardware
MT8183
Mobile applications / Mobile firmware & hardware
MT8185
Mobile applications / Mobile firmware & hardware
MT8362A
Mobile applications / Mobile firmware & hardware
MT8365
Mobile applications / Mobile firmware & hardware
MT8385
Mobile applications / Mobile firmware & hardware
MT8512A
Mobile applications / Mobile firmware & hardware
MT8518
Mobile applications / Mobile firmware & hardware
MT8532
Mobile applications / Mobile firmware & hardware
MT8667
Mobile applications / Mobile firmware & hardware
MT8766
Mobile applications / Mobile firmware & hardware
MT8768
Mobile applications / Mobile firmware & hardware
MT8786
Mobile applications / Mobile firmware & hardware
MT8788
Mobile applications / Mobile firmware & hardware
MT8789
Mobile applications / Mobile firmware & hardware
MT6779
Hardware solutions / Firmware
MT6781
Hardware solutions / Firmware
MT6785
Hardware solutions / Firmware
MT6853
Hardware solutions / Firmware
MT6873
Hardware solutions / Firmware
MT6875
Hardware solutions / Firmware
MT6877
Hardware solutions / Firmware
MT6883
Hardware solutions / Firmware
MT6885
Hardware solutions / Firmware
MT6889
Hardware solutions / Firmware
MT6891
Hardware solutions / Firmware
MT6893
Hardware solutions / Firmware

Vendor: MediaTek

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper resource shutdown or release in Wi-Fi driver. A remote attacker can send specially crafted traffic to the affected device and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MT6761: All versions

MT6762: All versions

MT6765: All versions

MT6768: All versions

MT6779: All versions

MT6781: All versions

MT6785: All versions

MT6789: All versions

MT6833: All versions

MT6853: All versions

MT6873: All versions

MT6875: All versions

MT6877: All versions

MT6879: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6891: All versions

MT6893: All versions

MT6895: All versions

MT6983: All versions

MT7663: All versions

MT7668: All versions

MT7902: All versions

MT7921: All versions

MT8167S: All versions

MT8175: All versions

MT8183: All versions

MT8185: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8512A: All versions

MT8518: All versions

MT8532: All versions

MT8667: All versions

MT8766: All versions

MT8768: All versions

MT8786: All versions

MT8788: All versions

MT8789: All versions

---

External links
http://corp.mediatek.com/product-security-bulletin/October-2022

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.