Search
Find a vulnerability
Search criteria
4 vulnerabilities found for MT6890, MT6990, MT7622 by MediaTek, Inc.
CVE-2024-20072 (GCVE-0-2024-20072)
Vulnerability from nvd – Published: 2024-06-03 02:04 – Updated: 2024-08-01 21:52
VLAI
EPSS
VEX
Summary
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID: MSV-1332.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MT6890, MT6990, MT7622 |
Affected:
SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05
|
|
| mediatek | mt6890 |
Affected:
*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:* |
|
| mediatek | mt6990 |
Affected:
*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:* |
|
| mediatek | mt7622 |
Affected:
*
cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:* |
|
| openwrt | openwrt |
Affected:
*
cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:* cpe:2.3:a:openwrt:openwrt:19.07.0:-:*:*:*:*:*:* cpe:2.3:o:openwrt:openwrt:21.02:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6890",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6990",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt7622",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*",
"cpe:2.3:a:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
"cpe:2.3:o:openwrt:openwrt:21.02:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openwrt",
"vendor": "openwrt",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T04:01:15.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MT6890, MT6990, MT7622",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID: MSV-1332."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T02:04:53.505Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2024-20072",
"datePublished": "2024-06-03T02:04:53.505Z",
"dateReserved": "2023-11-02T13:35:35.171Z",
"dateUpdated": "2024-08-01T21:52:31.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20071 (GCVE-0-2024-20071)
Vulnerability from nvd – Published: 2024-06-03 02:04 – Updated: 2024-10-29 20:56
VLAI
EPSS
VEX
Summary
In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MT6890, MT6990, MT7622 |
Affected:
SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-20071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T14:18:22.833941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T20:56:19.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:38.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MT6890, MT6990, MT7622",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T02:04:51.932Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2024-20071",
"datePublished": "2024-06-03T02:04:51.932Z",
"dateReserved": "2023-11-02T13:35:35.171Z",
"dateUpdated": "2024-10-29T20:56:19.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20072 (GCVE-0-2024-20072)
Vulnerability from cvelistv5 – Published: 2024-06-03 02:04 – Updated: 2024-08-01 21:52
VLAI
EPSS
VEX
Summary
In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID: MSV-1332.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MT6890, MT6990, MT7622 |
Affected:
SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05
|
|
| mediatek | mt6890 |
Affected:
*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:* |
|
| mediatek | mt6990 |
Affected:
*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:* |
|
| mediatek | mt7622 |
Affected:
*
cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:* |
|
| openwrt | openwrt |
Affected:
*
cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:* cpe:2.3:a:openwrt:openwrt:19.07.0:-:*:*:*:*:*:* cpe:2.3:o:openwrt:openwrt:21.02:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6890",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt6990",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mt7622",
"vendor": "mediatek",
"versions": [
{
"status": "affected",
"version": "*"
}
]
},
{
"cpes": [
"cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*",
"cpe:2.3:a:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
"cpe:2.3:o:openwrt:openwrt:21.02:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openwrt",
"vendor": "openwrt",
"versions": [
{
"status": "affected",
"version": "*"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T04:01:15.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MT6890, MT6990, MT7622",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID: MSV-1332."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T02:04:53.505Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2024-20072",
"datePublished": "2024-06-03T02:04:53.505Z",
"dateReserved": "2023-11-02T13:35:35.171Z",
"dateUpdated": "2024-08-01T21:52:31.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20071 (GCVE-0-2024-20071)
Vulnerability from cvelistv5 – Published: 2024-06-03 02:04 – Updated: 2024-10-29 20:56
VLAI
EPSS
VEX
Summary
In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MT6890, MT6990, MT7622 |
Affected:
SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-20071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T14:18:22.833941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T20:56:19.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:38.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MT6890, MT6990, MT7622",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-03T02:04:51.932Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/June-2024"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2024-20071",
"datePublished": "2024-06-03T02:04:51.932Z",
"dateReserved": "2023-11-02T13:35:35.171Z",
"dateUpdated": "2024-10-29T20:56:19.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}