Memory Corruption Vulnerability in Wi-Fi Firmware by MediaTek
CVE-2022-21745

8.8HIGH

Key Information:

Vendor

MediaTek
Status
Mt6761, Mt6762, Mt6765, Mt6768, Mt6769, Mt6779, Mt6781, Mt6785, Mt6789, Mt6833, Mt6853, Mt6853t, Mt6873, Mt6875, Mt6877, Mt6879, Mt6883, Mt6885, Mt6889, Mt6891, Mt6893, Mt6895, Mt6983, Mt6985, Mt8167s, Mt8168, Mt8175, Mt8183, Mt8185, Mt8362a, Mt8365, Mt8385, Mt8667, Mt8675, Mt8695, Mt8696, Mt8766, Mt8768, Mt8786, Mt8788, Mt8789, Mt8791, Mt8797
Vendor
CVE Published:
6 June 2022

What is CVE-2022-21745?

The Wi-Fi Firmware by MediaTek is susceptible to a memory corruption issue caused by a use-after-free vulnerability. This flaw allows attackers to exploit devices connecting to malicious Wi-Fi hotspots, enabling remote privilege escalation without any additional execution privileges. Notably, no user interaction is required for exploitation, making this vulnerability particularly concerning for users connected to compromised networks. Patching is recommended to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8695, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 Android 10.0, 11.0, 12.0

References

https://corp.mediatek.com/product-security-bulletin/June-...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.