Headline
CVE-2022-20023: January 2022
In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608.
January 2022 Product Security Bulletin
Published January 3, 2022
The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Wi-Fi and TV chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
****Summary****
Severity
CVEs
High
CVE-2021-40148, CVE-2021-35055, CVE-2021-37560, CVE-2021-37561, CVE-2021-37584, CVE-2021-37563, CVE-2021-37566, CVE-2021-37569, CVE-2021-37568, CVE-2021-37583, CVE-2021-37571, CVE-2021-31345, CVE-2021-31346, CVE-2021-31889, CVE-2021-31890
Medium
CVE-2022-20012, CVE-2022-20013, CVE-2022-20014, CVE-2022-20015, CVE-2022-20016, CVE-2022-20018, CVE-2022-20019, CVE-2022-20020, CVE-2022-20021, CVE-2022-20022, CVE-2022-20023, CVE-2021-32467, CVE-2021-32468, CVE-2021-32469, CVE-2021-37562, CVE-2021-37567, CVE-2021-37565, CVE-2021-37564, CVE-2021-37570, CVE-2021-37572, CVE-2021-41788, CVE-2021-41789
****Details****
CVE
CVE-2021-40148
Title
Information disclosure in Modem EMM
Severity
High
Vulnerability Type
ID
CWE
CWE-200 Information Disclosure
Description
In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2731, MT2735, MT3967, MT6297, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8666, MT8675, MT8765, MT8766, MT8768, MT8771, MT8786, MT8788, MT8791, MT8797
Affected Software Versions
Modem L9, LR11, LR12, LR12A, LR13, NR15
CVE
CVE-2021-35055
Title
Out-of-bounds write in wifi driver
Severity
High
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
7.4.0.0
CVE
CVE-2021-37560
Title
Out-of-bounds write in wifi driver
Severity
High
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
7.4.0.0
CVE
CVE-2021-37561
Title
Out-of-bounds write in wifi driver
Severity
High
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
7.4.0.0
CVE
CVE-2021-37584
Title
Out-of-bounds write in wifi driver
Severity
High
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
7.4.0.0
CVE
CVE-2021-37563
Title
Out-of-bounds write in wifi driver
Severity
High
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
7.4.0.0
CVE
CVE-2021-37566
Title
Out-of-bounds write in 1905 daemon
Severity
High
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In 1905 daemon, there is a possible out of bounds write due to a incorrect bounds check. This could lead to remote escalation of privilege from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT7603E, MT7610, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
2.0.2
CVE
CVE-2021-37569
Title
Out-of-bounds write in 1905 daemon
Severity
High
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In 1905 daemon, there is a possible out of bounds write due to a incorrect bounds check. This could lead to remote escalation of privilege from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
2.0.2
CVE
CVE-2021-37568
Title
Out-of-bounds write in 1905 daemon
Severity
High
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In 1905 daemon, there is a possible out of bounds write due to a incorrect bounds check. This could lead to remote escalation of privilege from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
2.0.2
CVE
CVE-2021-37583
Title
Out-of-bounds write in 1905 daemon
Severity
High
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In 1905 daemon, there is a possible out of bounds write due to a incorrect bounds check. This could lead to remote escalation of privilege from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
2.0.2
CVE
CVE-2021-37571
Title
Out-of-bounds write in 1905 daemon
Severity
High
Vulnerability Type
EoP
CWE
CWE-787 Out-of-bounds Write
Description
In 1905 daemon, there is a possible out of bounds write due to a incorrect bounds check. This could lead to remote escalation of privilege from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is needed for exploitation.
Affected Chipsets
MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
2.0.2
CVE
CVE-2021-31345
Title
Improper restriction of operations within the bounds of a memory buffer in Modem
Severity
High
Vulnerability Type
ID
CWE
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
In Modem UDP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure or denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2735, MT6779, MT6781, MT6783, MT6785, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8771, MT8789, MT8791, MT8797
Affected Software Versions
Modem LR13, NR15
CVE
CVE-2021-31346
Title
Improper restriction of operations within the bounds of a memory buffer in Modem
Severity
High
Vulnerability Type
ID
CWE
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
In Modem ICMP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure or denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2735, MT6779, MT6781, MT6783, MT6785, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8771, MT8789, MT8791, MT8797
Affected Software Versions
Modem LR13, NR15
CVE
CVE-2021-31889
Title
Improper restriction of operations within the bounds of a memory buffer in Modem
Severity
High
Vulnerability Type
DoS
CWE
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
In Modem TCP protocol integrated from Nucleus NET TCP/IP software, there is a possible system crash due to an improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2731, MT2735, MT6725, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8765, MT8766, MT8768, MT8771, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Modem LR12A, LR13, NR15
CVE
CVE-2021-31890
Title
Improper restriction of operations within the bounds of a memory buffer in Modem
Severity
High
Vulnerability Type
ID
CWE
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
In Modem TCP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure or denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT2735, MT6779, MT6781, MT6783, MT6785, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8771, MT8789, MT8791, MT8797
Affected Software Versions
Modem LR13, NR15
CVE
CVE-2022-20012
Title
Integer overflow or wraparound in mdp driver
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-190 Integer Overflow or Wraparound
Description
In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6757, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8127, MT8163, MT8167, MT8168, MT8169, MT8173, MT8183, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8788
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2022-20013
Title
Time-of-check time-of-use (toctou) race condition in vow driver
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Description
In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0
CVE
CVE-2022-20014
Title
Improper input validation in vow driver
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-20 Improper Input Validation
Description
In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8185, MT8385, MT8788, MT8789
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2022-20015
Title
Exposure of sensitive information to an unauthorized actor in kd_camera_hw driver
Severity
Medium
Vulnerability Type
ID
CWE
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Description
In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6739, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8169
Affected Software Versions
Android 10.0, 11.0
CVE
CVE-2022-20016
Title
Improper restriction of operations within the bounds of a memory buffer in vow driver
Severity
Medium
Vulnerability Type
EoP
CWE
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0
CVE
CVE-2022-20018
Title
Exposure of sensitive information to an unauthorized actor in seninf driver
Severity
Medium
Vulnerability Type
ID
CWE
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Description
In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6739, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8167, MT8168, MT8173, MT8362A, MT8365
Affected Software Versions
Android 10.0, 11.0, 12.0
CVE
CVE-2022-20019
Title
Exposure of sensitive information to an unauthorized actor in libMtkOmxGsmDec
Severity
Medium
Vulnerability Type
ID
CWE
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Description
In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6595, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8768
Affected Software Versions
Android 10.0, 11.0
CVE
CVE-2022-20020
Title
Exposure of sensitive information to an unauthorized actor in libvcodecdrv
Severity
Medium
Vulnerability Type
ID
CWE
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Description
In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6739, MT6768, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 11.0
CVE
CVE-2022-20021
Title
Expected behavior violation in Bluetooth
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-440 Expected Behavior Violation
Description
In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6630, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6763, MT6771, MT7662T, MT7663, MT7668, MT8163, MT8167, MT8167S, MT8173, MT8183, MT8321, MT8362A, MT8362B, MT8385, MT8765, MT8788
Affected Software Versions
Android 10.0, 11.0
CVE
CVE-2022-20022
Title
Expected behavior violation in Bluetooth
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-440 Expected Behavior Violation
Description
In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6630, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6763, MT6771, MT7662T, MT7663, MT7668, MT8163, MT8167, MT8167S, MT8173, MT8183, MT8321, MT8362A, MT8362B, MT8385, MT8765, MT8788
Affected Software Versions
Android 10.0, 11.0
CVE
CVE-2022-20023
Title
Expected behavior violation in Bluetooth
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-440 Expected Behavior Violation
Description
In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT6580, MT6630, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT7662T, MT7663, MT7668, MT7915, MT7920, MT7921, MT7922, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8362B, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
Affected Software Versions
Android 10.0, 11.0
CVE
CVE-2021-32467
Title
Out-of-bounds read in wifi driver
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-125 Out-of-bounds Read
Description
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
7.4.0.0
CVE
CVE-2021-32468
Title
Out-of-bounds read in wifi driver
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-125 Out-of-bounds Read
Description
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
7.4.0.0
CVE
CVE-2021-32469
Title
Out-of-bounds read in wifi driver
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-125 Out-of-bounds Read
Description
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
7.4.0.0
CVE
CVE-2021-37562
Title
Out-of-bounds read in wifi driver
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-125 Out-of-bounds Read
Description
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
7.4.0.0
CVE
CVE-2021-37567
Title
Out-of-bounds read in 1905 daemon
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-125 Out-of-bounds Read
Description
In 1905 daemon, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
2.0.2
CVE
CVE-2021-37565
Title
Out-of-bounds read in 1905 daemon
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-125 Out-of-bounds Read
Description
In 1905 daemon, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
2.0.2
CVE
CVE-2021-37564
Title
Out-of-bounds read in 1905 daemon
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-125 Out-of-bounds Read
Description
In 1905 daemon, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
2.0.2
CVE
CVE-2021-37570
Title
Out-of-bounds read in 1905 daemon
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-125 Out-of-bounds Read
Description
In 1905 daemon, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
2.0.2
CVE
CVE-2021-37572
Title
Missing authorization in 1905 daemon
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-862 Missing Authorization
Description
In 1905 daemon, there is a possible missing authorization due to a missing permission check. This could lead to remote denial of service from a proximal attacker, if attacker can connect to Wi-Fi using EasyMesh R2, with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
2.0.2
CVE
CVE-2021-41788
Title
Improper input validation in wifi driver
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-20 Improper Input Validation
Description
In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT7603E, MT7612, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915
Affected Software Versions
7.4.0.0
CVE
CVE-2021-41789
Title
Improper input validation in wifi driver
Severity
Medium
Vulnerability Type
DoS
CWE
CWE-20 Improper Input Validation
Description
In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Chipsets
MT7615, MT7622
Affected Software Versions
4.4.1.1
****Vulnerability Type Definition****
Abbreviation
Definition
RCE
Remote Code Execution
EoP
Elevation of Privilege
ID
Information Disclosure
DoS
Denial of Service
N/A
Classification not available
****Versions****
Version
Date
Description
1.0
January 3, 2022
Bulletin published.
****Notes****
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.