Vulnerability identifier: #VU87947
Vulnerability risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-787
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
MT2731
Mobile applications /
Mobile firmware & hardware
MT2735
Mobile applications /
Mobile firmware & hardware
MT2737
Mobile applications /
Mobile firmware & hardware
MT3967
Mobile applications /
Mobile firmware & hardware
MT6297
Mobile applications /
Mobile firmware & hardware
MT6298
Mobile applications /
Mobile firmware & hardware
MT6739
Mobile applications /
Mobile firmware & hardware
MT6761
Mobile applications /
Mobile firmware & hardware
MT6762
Mobile applications /
Mobile firmware & hardware
MT6762D
Mobile applications /
Mobile firmware & hardware
MT6762M
Mobile applications /
Mobile firmware & hardware
MT6763
Mobile applications /
Mobile firmware & hardware
MT6765
Mobile applications /
Mobile firmware & hardware
MT6765T
Mobile applications /
Mobile firmware & hardware
MT6767
Mobile applications /
Mobile firmware & hardware
MT6768
Mobile applications /
Mobile firmware & hardware
MT6769
Mobile applications /
Mobile firmware & hardware
MT6769T
Mobile applications /
Mobile firmware & hardware
MT6769Z
Mobile applications /
Mobile firmware & hardware
MT6771
Mobile applications /
Mobile firmware & hardware
MT6783
Mobile applications /
Mobile firmware & hardware
MT6785T
Mobile applications /
Mobile firmware & hardware
MT6785U
Mobile applications /
Mobile firmware & hardware
MT6789
Mobile applications /
Mobile firmware & hardware
MT6813
Mobile applications /
Mobile firmware & hardware
MT6815
Mobile applications /
Mobile firmware & hardware
MT6833
Mobile applications /
Mobile firmware & hardware
MT6835
Mobile applications /
Mobile firmware & hardware
MT6855
Mobile applications /
Mobile firmware & hardware
MT6875T
Mobile applications /
Mobile firmware & hardware
MT6879
Mobile applications /
Mobile firmware & hardware
MT6880
Mobile applications /
Mobile firmware & hardware
MT6886
Mobile applications /
Mobile firmware & hardware
MT6890
Mobile applications /
Mobile firmware & hardware
MT6895
Mobile applications /
Mobile firmware & hardware
MT6895T
Mobile applications /
Mobile firmware & hardware
MT6896
Mobile applications /
Mobile firmware & hardware
MT6897
Mobile applications /
Mobile firmware & hardware
MT6980
Mobile applications /
Mobile firmware & hardware
MT6980D
Mobile applications /
Mobile firmware & hardware
MT6983
Mobile applications /
Mobile firmware & hardware
MT6985
Mobile applications /
Mobile firmware & hardware
MT6986
Mobile applications /
Mobile firmware & hardware
MT6986D
Mobile applications /
Mobile firmware & hardware
MT6989
Mobile applications /
Mobile firmware & hardware
MT6990
Mobile applications /
Mobile firmware & hardware
MT8666
Mobile applications /
Mobile firmware & hardware
MT8667
Mobile applications /
Mobile firmware & hardware
MT8673
Mobile applications /
Mobile firmware & hardware
MT8675
Mobile applications /
Mobile firmware & hardware
MT8676
Mobile applications /
Mobile firmware & hardware
MT8765
Mobile applications /
Mobile firmware & hardware
MT8766
Mobile applications /
Mobile firmware & hardware
MT8768
Mobile applications /
Mobile firmware & hardware
MT8781
Mobile applications /
Mobile firmware & hardware
MT8786
Mobile applications /
Mobile firmware & hardware
MT8788
Mobile applications /
Mobile firmware & hardware
MT8791
Mobile applications /
Mobile firmware & hardware
MT8791T
Mobile applications /
Mobile firmware & hardware
MT8792
Mobile applications /
Mobile firmware & hardware
MT8796
Mobile applications /
Mobile firmware & hardware
MT8798
Mobile applications /
Mobile firmware & hardware
MT6779
Hardware solutions /
Firmware
MT6781
Hardware solutions /
Firmware
MT6785
Hardware solutions /
Firmware
MT6853
Hardware solutions /
Firmware
MT6873
Hardware solutions /
Firmware
MT6875
Hardware solutions /
Firmware
MT6877
Hardware solutions /
Firmware
MT6883
Hardware solutions /
Firmware
MT6885
Hardware solutions /
Firmware
MT6889
Hardware solutions /
Firmware
MT6891
Hardware solutions /
Firmware
MT6893
Hardware solutions /
Firmware
MT8797
Hardware solutions /
Firmware
Vendor: MediaTek
Description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a missing bounds check within Modem Protocol. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
Mitigation
Install security update from vendor's website.
Vulnerable software versions
MT2731: All versions
MT2735: All versions
MT2737: All versions
MT3967: All versions
MT6297: All versions
MT6298: All versions
MT6739: All versions
MT6761: All versions
MT6762: All versions
MT6762D: All versions
MT6762M: All versions
MT6763: All versions
MT6765: All versions
MT6765T: All versions
MT6767: All versions
MT6768: All versions
MT6769: All versions
MT6769T: All versions
MT6769Z: All versions
MT6771: All versions
MT6779: All versions
MT6781: All versions
MT6783: All versions
MT6785: All versions
MT6785T: All versions
MT6785U: All versions
MT6789: All versions
MT6813: All versions
MT6815: All versions
MT6833: All versions
MT6835: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6875T: All versions
MT6877: All versions
MT6879: All versions
MT6880: All versions
MT6883: All versions
MT6885: All versions
MT6886: All versions
MT6889: All versions
MT6890: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6895T: All versions
MT6896: All versions
MT6897: All versions
MT6980: All versions
MT6980D: All versions
MT6983: All versions
MT6985: All versions
MT6986: All versions
MT6986D: All versions
MT6989: All versions
MT6990: All versions
MT8666: All versions
MT8667: All versions
MT8673: All versions
MT8675: All versions
MT8676: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8781: All versions
MT8786: All versions
MT8788: All versions
MT8791: All versions
MT8791T: All versions
MT8792: All versions
MT8796: All versions
MT8797: All versions
MT8798: All versions
External links
http://corp.mediatek.com/product-security-bulletin/April-2024
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.