#VU71988 NULL pointer dereference in MediaTek products - CVE-2022-32663

Cybersecurity Help s.r.o.

Published: 2023-02-07

Vulnerability identifier: #VU71988

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-32663

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vendor: MediaTek

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in Wi-Fi driver. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MT5221: All versions

MT7603: All versions

MT7613: All versions

MT7615: All versions

MT7622: All versions

MT7628: All versions

MT7629: All versions

MT7668: All versions

MT7902: All versions

MT7915: All versions

MT7916: All versions

MT7921: All versions

MT7981: All versions

MT7986: All versions

MT8167S: All versions

MT8175: All versions

MT8362A: All versions

MT8365: All versions

MT8385: All versions

MT8518S: All versions

MT8532: All versions

MT8788: All versions

External links
https://corp.mediatek.com/product-security-bulletin/February-2023

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in MediaTek Chipsets