CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
71.8%
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.
Vendor | Product | Version | CPE |
---|---|---|---|
mediatek | linkit_software_development_kit | * | cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:* |
mediatek | en7516 | - | cpe:2.3:h:mediatek:en7516:-:*:*:*:*:*:*:* |
mediatek | en7528 | - | cpe:2.3:h:mediatek:en7528:-:*:*:*:*:*:*:* |
mediatek | en7529 | - | cpe:2.3:h:mediatek:en7529:-:*:*:*:*:*:*:* |
mediatek | en7561 | - | cpe:2.3:h:mediatek:en7561:-:*:*:*:*:*:*:* |
mediatek | en7562 | - | cpe:2.3:h:mediatek:en7562:-:*:*:*:*:*:*:* |
mediatek | en7580 | - | cpe:2.3:h:mediatek:en7580:-:*:*:*:*:*:*:* |
[
{
"vendor": "MediaTek, Inc.",
"product": "EN7516, EN7528, EN7529, EN7561, EN7562, EN7580",
"versions": [
{
"version": "Linux SDK versions less than TLM-7.3.293.0",
"status": "affected"
}
]
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
71.8%