Command Injection Vulnerability in MediaTek Config Manager
CVE-2021-31573

9.8CRITICAL

Key Information:

Vendor
MediaTek
Status
En7528, En7580
Vendor
CVE Published:
6 February 2023

Summary

A command injection vulnerability exists in MediaTek's Config Manager due to inadequate input validation. This flaw allows a proximal attacker to escalate privileges without requiring any prior execution rights or user interaction. Immediate action is recommended to mitigate potential risks associated with this vulnerability.

Affected Version(s)

EN7528, EN7580 Linux SDK versions less than TLM7.3.275.0-82

References

https://corp.mediatek.com/product-security-acknowledgements

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.