Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for MT6890, MT6990, MT7622 by MediaTek, Inc.

    CVE-2024-20072 (GCVE-0-2024-20072)

    Vulnerability from nvd – Published: 2024-06-03 02:04 – Updated: 2024-08-01 21:52
    VLAI
    Summary
    In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID: MSV-1332.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MT6890, MT6990, MT7622 Affected: SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05
    Create a notification for this product.
    mediatek mt6890 Affected: *
        cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
    Create a notification for this product.
    mediatek mt6990 Affected: *
        cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
    Create a notification for this product.
    mediatek mt7622 Affected: *
        cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*
    Create a notification for this product.
    openwrt openwrt Affected: *
        cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*
        cpe:2.3:a:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
        cpe:2.3:o:openwrt:openwrt:21.02:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt6890",
                "vendor": "mediatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt6990",
                "vendor": "mediatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt7622",
                "vendor": "mediatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*",
                  "cpe:2.3:a:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
                  "cpe:2.3:o:openwrt:openwrt:21.02:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "openwrt",
                "vendor": "openwrt",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20072",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-05T04:01:15.285Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:31.693Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT6890, MT6990, MT7622",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID: MSV-1332."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-03T02:04:53.505Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2024-20072",
        "datePublished": "2024-06-03T02:04:53.505Z",
        "dateReserved": "2023-11-02T13:35:35.171Z",
        "dateUpdated": "2024-08-01T21:52:31.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20071 (GCVE-0-2024-20071)

    Vulnerability from nvd – Published: 2024-06-03 02:04 – Updated: 2024-10-29 20:56
    VLAI
    Summary
    In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MT6890, MT6990, MT7622 Affected: SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20071",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-03T14:18:22.833941Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T20:56:19.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:38.876Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT6890, MT6990, MT7622",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-03T02:04:51.932Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2024-20071",
        "datePublished": "2024-06-03T02:04:51.932Z",
        "dateReserved": "2023-11-02T13:35:35.171Z",
        "dateUpdated": "2024-10-29T20:56:19.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20072 (GCVE-0-2024-20072)

    Vulnerability from cvelistv5 – Published: 2024-06-03 02:04 – Updated: 2024-08-01 21:52
    VLAI
    Summary
    In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID: MSV-1332.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MT6890, MT6990, MT7622 Affected: SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05
    Create a notification for this product.
    mediatek mt6890 Affected: *
        cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
    Create a notification for this product.
    mediatek mt6990 Affected: *
        cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
    Create a notification for this product.
    mediatek mt7622 Affected: *
        cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*
    Create a notification for this product.
    openwrt openwrt Affected: *
        cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*
        cpe:2.3:a:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
        cpe:2.3:o:openwrt:openwrt:21.02:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt6890",
                "vendor": "mediatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt6990",
                "vendor": "mediatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "mt7622",
                "vendor": "mediatek",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*",
                  "cpe:2.3:a:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
                  "cpe:2.3:o:openwrt:openwrt:21.02:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "openwrt",
                "vendor": "openwrt",
                "versions": [
                  {
                    "status": "affected",
                    "version": "*"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20072",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.6,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-05T04:01:15.285Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:31.693Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT6890, MT6990, MT7622",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID: MSV-1332."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-03T02:04:53.505Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2024-20072",
        "datePublished": "2024-06-03T02:04:53.505Z",
        "dateReserved": "2023-11-02T13:35:35.171Z",
        "dateUpdated": "2024-08-01T21:52:31.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20071 (GCVE-0-2024-20071)

    Vulnerability from cvelistv5 – Published: 2024-06-03 02:04 – Updated: 2024-10-29 20:56
    VLAI
    Summary
    In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MT6890, MT6990, MT7622 Affected: SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20071",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-03T14:18:22.833941Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T20:56:19.598Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:52:38.876Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT6890, MT6990, MT7622",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-03T02:04:51.932Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2024-20071",
        "datePublished": "2024-06-03T02:04:51.932Z",
        "dateReserved": "2023-11-02T13:35:35.171Z",
        "dateUpdated": "2024-10-29T20:56:19.598Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }