Vulnerability identifier: #VU71985
Vulnerability risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
MT5221
Mobile applications /
Mobile firmware & hardware
MT7603
Mobile applications /
Mobile firmware & hardware
MT7613
Mobile applications /
Mobile firmware & hardware
MT7615
Mobile applications /
Mobile firmware & hardware
MT7622
Mobile applications /
Mobile firmware & hardware
MT7628
Mobile applications /
Mobile firmware & hardware
MT7629
Mobile applications /
Mobile firmware & hardware
MT7663
Mobile applications /
Mobile firmware & hardware
MT7668
Mobile applications /
Mobile firmware & hardware
MT7682
Mobile applications /
Mobile firmware & hardware
MT7686
Mobile applications /
Mobile firmware & hardware
MT7687
Mobile applications /
Mobile firmware & hardware
MT7697
Mobile applications /
Mobile firmware & hardware
MT7902
Mobile applications /
Mobile firmware & hardware
MT7915
Mobile applications /
Mobile firmware & hardware
MT7916
Mobile applications /
Mobile firmware & hardware
MT7921
Mobile applications /
Mobile firmware & hardware
MT7933
Mobile applications /
Mobile firmware & hardware
MT7981
Mobile applications /
Mobile firmware & hardware
MT7986
Mobile applications /
Mobile firmware & hardware
MT8167S
Mobile applications /
Mobile firmware & hardware
MT8175
Mobile applications /
Mobile firmware & hardware
MT8362A
Mobile applications /
Mobile firmware & hardware
MT8365
Mobile applications /
Mobile firmware & hardware
MT8385
Mobile applications /
Mobile firmware & hardware
MT8532
Mobile applications /
Mobile firmware & hardware
MT8695
Mobile applications /
Mobile firmware & hardware
MT8696
Mobile applications /
Mobile firmware & hardware
MT8788
Mobile applications /
Mobile firmware & hardware
MT8518S
/
Vendor: MediaTek
Description
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to incorrect error handling in Wi-Fi driver. A local user can pass specially crafted input to the application and gain elevated privileges on the target system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
MT5221: All versions
MT7603: All versions
MT7613: All versions
MT7615: All versions
MT7622: All versions
MT7628: All versions
MT7629: All versions
MT7663: All versions
MT7668: All versions
MT7682: All versions
MT7686: All versions
MT7687: All versions
MT7697: All versions
MT7902: All versions
MT7915: All versions
MT7916: All versions
MT7921: All versions
MT7933: All versions
MT7981: All versions
MT7986: All versions
MT8167S: All versions
MT8175: All versions
MT8362A: All versions
MT8365: All versions
MT8385: All versions
MT8518S: All versions
MT8532: All versions
MT8695: All versions
MT8696: All versions
MT8788: All versions
External links
http://corp.mediatek.com/product-security-bulletin/February-2023
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.