Lucene search

MediaTekCVE-2022-26445

HistoryAug 01, 2022 - 2:15 p.m.

CVE-2022-26445

2022-08-0114:15:09

CWE-787

MediaTek

web.nvd.nist.gov

wifi

driver

out of bounds write

privilege escalation

cve-2022-26445

gn20220420088

nvd

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088.

Affected configurations

Nvd

Node

mediatekmt7603_firmwareMatch7.6.2.3

AND

mediatekmt7603Match-

Node

mediatekmt7610_firmwareMatch7.6.2.3

AND

mediatekmt7610Match-

Node

mediatekmt7612_firmwareMatch7.6.2.3

AND

mediatekmt7612Match-

Node

mediatekmt7613_firmwareMatch7.6.2.3

AND

mediatekmt7613Match-

Node

mediatekmt7615_firmwareMatch7.6.2.3

AND

mediatekmt7615Match-

Node

mediatekmt7620_firmwareMatch7.6.2.3

AND

mediatekmt7620Match-

Node

mediatekmt7622_firmwareMatch7.6.2.3

AND

mediatekmt7622Match-

Node

mediatekmt7628_firmwareMatch7.6.2.3

AND

mediatekmt7628Match-

Node

mediatekmt7629_firmwareMatch7.6.2.3

AND

mediatekmt7629Match-

Node

mediatekmt7915_firmwareMatch7.6.2.3

AND

mediatekmt7915Match-

Node

mediatekmt7916_firmwareMatch7.6.2.3

AND

mediatekmt7916Match-

Node

mediatekmt7986_firmwareMatch7.6.2.3

AND

mediatekmt7986Match-

Node

mediatekmt8981_firmwareMatch7.6.2.3

AND

mediatekmt8981Match-

VendorProductVersionCPE
mediatekmt7603_firmware7.6.2.3cpe:2.3:o:mediatek:mt7603_firmware:7.6.2.3:*:*:*:*:*:*:*
mediatekmt7603-cpe:2.3:h:mediatek:mt7603:-:*:*:*:*:*:*:*
mediatekmt7610_firmware7.6.2.3cpe:2.3:o:mediatek:mt7610_firmware:7.6.2.3:*:*:*:*:*:*:*
mediatekmt7610-cpe:2.3:h:mediatek:mt7610:-:*:*:*:*:*:*:*
mediatekmt7612_firmware7.6.2.3cpe:2.3:o:mediatek:mt7612_firmware:7.6.2.3:*:*:*:*:*:*:*
mediatekmt7612-cpe:2.3:h:mediatek:mt7612:-:*:*:*:*:*:*:*
mediatekmt7613_firmware7.6.2.3cpe:2.3:o:mediatek:mt7613_firmware:7.6.2.3:*:*:*:*:*:*:*
mediatekmt7613-cpe:2.3:h:mediatek:mt7613:-:*:*:*:*:*:*:*
mediatekmt7615_firmware7.6.2.3cpe:2.3:o:mediatek:mt7615_firmware:7.6.2.3:*:*:*:*:*:*:*
mediatekmt7615-cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mediatek	mt7603_firmware	7.6.2.3	cpe:2.3:o:mediatek:mt7603_firmware:7.6.2.3:::::::*
mediatek	mt7603	-	cpe:2.3:h:mediatek:mt7603:-:::::::*
mediatek	mt7610_firmware	7.6.2.3	cpe:2.3:o:mediatek:mt7610_firmware:7.6.2.3:::::::*
mediatek	mt7610	-	cpe:2.3:h:mediatek:mt7610:-:::::::*
mediatek	mt7612_firmware	7.6.2.3	cpe:2.3:o:mediatek:mt7612_firmware:7.6.2.3:::::::*
mediatek	mt7612	-	cpe:2.3:h:mediatek:mt7612:-:::::::*
mediatek	mt7613_firmware	7.6.2.3	cpe:2.3:o:mediatek:mt7613_firmware:7.6.2.3:::::::*
mediatek	mt7613	-	cpe:2.3:h:mediatek:mt7613:-:::::::*
mediatek	mt7615_firmware	7.6.2.3	cpe:2.3:o:mediatek:mt7615_firmware:7.6.2.3:::::::*
mediatek	mt7615	-	cpe:2.3:h:mediatek:mt7615:-:::::::*

Rows per page:

1-10 of 261

CNA Affected

[
  {
    "product": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981",
    "vendor": "MediaTek, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "7.6.2.3"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/August-2022

Social References

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-26445