Denial of Service Vulnerability in Mediatek WLAN Firmware
CVE-2023-20692

7.5HIGH

Key Information:

Vendor: MediaTek
Status: Mt6739, Mt8167, Mt8168, Mt8321, Mt8365, Mt8385, Mt8666, Mt8765, Mt8788
Vendor: CVE Published:; 4 July 2023

Summary

A vulnerability exists in Mediatek's WLAN firmware that may cause a system crash due to an uncaught exception. This flaw allows for a potential remote denial of service attack without requiring additional execution privileges or user interaction, thus posing a significant risk to devices using the affected firmware. Timely patching is advised to mitigate this risk.

Affected Version(s)

MT6739, MT8167, MT8168, MT8321, MT8365, MT8385, MT8666, MT8765, MT8788 Android 11.0 / IOT-v23.0 (Yocto 4.0)

References

https://corp.mediatek.com/product-security-bulletin/July-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 4, 2023
Vulnerability Reserved
Oct 28, 2022