#VU67846 Buffer overflow in MediaTek Hardware solutions
Vulnerability identifier: #VU67846
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
MT6580
Mobile applications /
Mobile firmware & hardware
MT6739
Mobile applications /
Mobile firmware & hardware
MT6753
Mobile applications /
Mobile firmware & hardware
MT6757
Mobile applications /
Mobile firmware & hardware
MT6761
Mobile applications /
Mobile firmware & hardware
MT6762
Mobile applications /
Mobile firmware & hardware
MT6763
Mobile applications /
Mobile firmware & hardware
MT6765
Mobile applications /
Mobile firmware & hardware
MT6768
Mobile applications /
Mobile firmware & hardware
MT6789
Mobile applications /
Mobile firmware & hardware
MT6833
Mobile applications /
Mobile firmware & hardware
MT6855
Mobile applications /
Mobile firmware & hardware
MT6879
Mobile applications /
Mobile firmware & hardware
MT6895
Mobile applications /
Mobile firmware & hardware
MT6983
Mobile applications /
Mobile firmware & hardware
MT8321
Mobile applications /
Mobile firmware & hardware
MT8385
Mobile applications /
Mobile firmware & hardware
MT8666
Mobile applications /
Mobile firmware & hardware
MT8675
Mobile applications /
Mobile firmware & hardware
MT8765
Mobile applications /
Mobile firmware & hardware
MT8766
Mobile applications /
Mobile firmware & hardware
MT8768
Mobile applications /
Mobile firmware & hardware
MT8786
Mobile applications /
Mobile firmware & hardware
MT8788
Mobile applications /
Mobile firmware & hardware
MT8789
Mobile applications /
Mobile firmware & hardware
MT8791
Mobile applications /
Mobile firmware & hardware
MT6779
Hardware solutions /
Firmware
MT6781
Hardware solutions /
Firmware
MT6785
Hardware solutions /
Firmware
MT6853
Hardware solutions /
Firmware
MT6853T
Hardware solutions /
Firmware
MT6873
Hardware solutions /
Firmware
MT6875
Hardware solutions /
Firmware
MT6877
Hardware solutions /
Firmware
MT6885
Hardware solutions /
Firmware
MT6893
Hardware solutions /
Firmware
MT8797
Hardware solutions /
Firmware
Vendor: MediaTek
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the ril component. A remote attacker can send specially crafted traffic to the device, trigger memory corruption and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
MT6580: All versions
MT6739: All versions
MT6753: All versions
MT6757: All versions
MT6761: All versions
MT6762: All versions
MT6763: All versions
MT6765: All versions
MT6768: All versions
MT6779: All versions
MT6781: All versions
MT6785: All versions
MT6789: All versions
MT6833: All versions
MT6853: All versions
MT6853T: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6877: All versions
MT6879: All versions
MT6885: All versions
MT6893: All versions
MT6895: All versions
MT6983: All versions
MT8321: All versions
MT8385: All versions
MT8666: All versions
MT8675: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791: All versions
MT8797: All versions
External links
http://corp.mediatek.com/product-security-bulletin/October-2022
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
