Search criteria
9 vulnerabilities found for linkit_software_development_kit by mediatek
FKIE_CVE-2022-32664
Vulnerability from fkie_nvd - Published: 2023-01-03 21:15 - Updated: 2025-04-10 16:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "080D2ABE-FAE2-4091-956B-A269C62B2BD3",
"versionEndExcluding": "7.3.293.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:en7516:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17F70336-68D6-4376-B405-CF2D7E3C607F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "080D2ABE-FAE2-4091-956B-A269C62B2BD3",
"versionEndExcluding": "7.3.293.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:en7528:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD990C82-4C61-479B-A49F-11A3C0812AC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "080D2ABE-FAE2-4091-956B-A269C62B2BD3",
"versionEndExcluding": "7.3.293.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:en7529:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A428BF9-1905-4D34-A912-7352739FAD5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "080D2ABE-FAE2-4091-956B-A269C62B2BD3",
"versionEndExcluding": "7.3.293.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:en7561:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69D2BB18-DC67-4653-8B0D-32E4C7C015CE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "080D2ABE-FAE2-4091-956B-A269C62B2BD3",
"versionEndExcluding": "7.3.293.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:en7562:-:*:*:*:*:*:*:*",
"matchCriteriaId": "561E91EF-83A4-4C9C-AB16-EF4F24456787",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "080D2ABE-FAE2-4091-956B-A269C62B2BD3",
"versionEndExcluding": "7.3.293.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:en7580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "061DBB68-80AF-4016-AAE0-EE9DFDFB341B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929."
},
{
"lang": "es",
"value": "En Config Manager, existe una posible inyecci\u00f3n de comando debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada remota de privilegios con privilegios de ejecuci\u00f3n del usuario necesarios. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: A20220004; ID del problema: OSBNB00140929."
}
],
"id": "CVE-2022-32664",
"lastModified": "2025-04-10T16:15:19.363",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-03T21:15:12.653",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-32665
Vulnerability from fkie_nvd - Published: 2023-01-03 21:15 - Updated: 2025-04-10 16:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mediatek | linkit_software_development_kit | * | |
| mediatek | en7528 | - | |
| mediatek | linkit_software_development_kit | * | |
| mediatek | en7580 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ED17B72-EC4D-46FC-8816-D5FF2A9675C7",
"versionEndExcluding": "tlb7.3.258.100-p1-1555",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:en7528:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD990C82-4C61-479B-A49F-11A3C0812AC5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ED17B72-EC4D-46FC-8816-D5FF2A9675C7",
"versionEndExcluding": "tlb7.3.258.100-p1-1555",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:en7580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "061DBB68-80AF-4016-AAE0-EE9DFDFB341B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124."
},
{
"lang": "es",
"value": "En Boa, existe una posible inyecci\u00f3n de comando debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: A20220026; ID del problema: OSBNB00144124."
}
],
"id": "CVE-2022-32665",
"lastModified": "2025-04-10T16:15:19.547",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-03T21:15:12.700",
"references": [
{
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2023"
}
],
"sourceIdentifier": "security@mediatek.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-30636
Vulnerability from fkie_nvd - Published: 2022-01-24 01:15 - Updated: 2024-11-21 06:04
Severity ?
Summary
In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04 | Mitigation, Third Party Advisory, US Government Resource, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04 | Mitigation, Third Party Advisory, US Government Resource, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mediatek | linkit_software_development_kit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FE47238-E88A-49C5-81AE-F3D4AE0D6282",
"versionEndExcluding": "4.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc."
},
{
"lang": "es",
"value": "En MediaTek LinkIt SDK versiones anteriores a 4.6.1, se presenta una posible corrupci\u00f3n de memoria debido a un desbordamiento de enteros durante la asignaci\u00f3n de memoria manejada inapropiadamente por pvPortCalloc y pvPortRealloc"
}
],
"id": "CVE-2021-30636",
"lastModified": "2024-11-21T06:04:20.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-24T01:15:07.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource",
"VDB Entry"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-32665 (GCVE-0-2022-32665)
Vulnerability from cvelistv5 – Published: 2023-01-03 00:00 – Updated: 2025-04-10 15:57
VLAI?
Summary
In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.
Severity ?
9.8 (Critical)
CWE
- Elevation of Privilege
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | EN7528, EN7580 |
Affected:
Linux SDK versions less than TLB7.3.258.100-P1-1555
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:45.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T15:56:45.718929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T15:57:02.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EN7528, EN7580",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Linux SDK versions less than TLB7.3.258.100-P1-1555"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00.000Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2022-32665",
"datePublished": "2023-01-03T00:00:00.000Z",
"dateReserved": "2022-06-09T00:00:00.000Z",
"dateUpdated": "2025-04-10T15:57:02.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32664 (GCVE-0-2022-32664)
Vulnerability from cvelistv5 – Published: 2023-01-03 00:00 – Updated: 2025-04-10 15:57
VLAI?
Summary
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.
Severity ?
8.8 (High)
CWE
- Elevation of Privilege
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | EN7516, EN7528, EN7529, EN7561, EN7562, EN7580 |
Affected:
Linux SDK versions less than TLM-7.3.293.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:45.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T15:57:21.383399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T15:57:56.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EN7516, EN7528, EN7529, EN7561, EN7562, EN7580",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Linux SDK versions less than TLM-7.3.293.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00.000Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2022-32664",
"datePublished": "2023-01-03T00:00:00.000Z",
"dateReserved": "2022-06-09T00:00:00.000Z",
"dateUpdated": "2025-04-10T15:57:56.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30636 (GCVE-0-2021-30636)
Vulnerability from cvelistv5 – Published: 2022-01-24 00:27 – Updated: 2024-08-03 22:40
VLAI?
Summary
In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:40:31.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T00:27:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30636",
"datePublished": "2022-01-24T00:27:41",
"dateReserved": "2021-04-13T00:00:00",
"dateUpdated": "2024-08-03T22:40:31.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32665 (GCVE-0-2022-32665)
Vulnerability from nvd – Published: 2023-01-03 00:00 – Updated: 2025-04-10 15:57
VLAI?
Summary
In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.
Severity ?
9.8 (Critical)
CWE
- Elevation of Privilege
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | EN7528, EN7580 |
Affected:
Linux SDK versions less than TLB7.3.258.100-P1-1555
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:45.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T15:56:45.718929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T15:57:02.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EN7528, EN7580",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Linux SDK versions less than TLB7.3.258.100-P1-1555"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00.000Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2022-32665",
"datePublished": "2023-01-03T00:00:00.000Z",
"dateReserved": "2022-06-09T00:00:00.000Z",
"dateUpdated": "2025-04-10T15:57:02.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32664 (GCVE-0-2022-32664)
Vulnerability from nvd – Published: 2023-01-03 00:00 – Updated: 2025-04-10 15:57
VLAI?
Summary
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.
Severity ?
8.8 (High)
CWE
- Elevation of Privilege
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | EN7516, EN7528, EN7529, EN7561, EN7562, EN7580 |
Affected:
Linux SDK versions less than TLM-7.3.293.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:46:45.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://corp.mediatek.com/product-security-bulletin/January-2023"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T15:57:21.383399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T15:57:56.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "EN7516, EN7528, EN7529, EN7561, EN7562, EN7580",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Linux SDK versions less than TLM-7.3.293.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T00:00:00.000Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2022-32664",
"datePublished": "2023-01-03T00:00:00.000Z",
"dateReserved": "2022-06-09T00:00:00.000Z",
"dateUpdated": "2025-04-10T15:57:56.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30636 (GCVE-0-2021-30636)
Vulnerability from nvd – Published: 2022-01-24 00:27 – Updated: 2024-08-03 22:40
VLAI?
Summary
In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:40:31.750Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-24T00:27:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-30636",
"datePublished": "2022-01-24T00:27:41",
"dateReserved": "2021-04-13T00:00:00",
"dateUpdated": "2024-08-03T22:40:31.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}