Integer Overflow Vulnerability in Mediatek WLAN Firmware
CVE-2023-20689

7.5HIGH

Key Information:

Vendor: MediaTek
Status: Mt6739, Mt8167, Mt8321, Mt8365, Mt8385, Mt8666, Mt8765, Mt8788
Vendor: CVE Published:; 4 July 2023

Summary

The wlan firmware from Mediatek is susceptible to an integer overflow vulnerability, which can potentially cause a system crash. This flaw enables a remote denial of service without the need for user interaction or elevated execution privileges, posing a significant risk to network stability. Affected users should apply the patch identified as ALPS07664741 to mitigate this issue.

Affected Version(s)

MT6739, MT8167, MT8321, MT8365, MT8385, MT8666, MT8765, MT8788 Android 11.0 / IOT-v23.0 (Yocto 4.0)

References

https://corp.mediatek.com/product-security-bulletin/July-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 4, 2023
Vulnerability Reserved
Oct 28, 2022