Location Disclosure Vulnerability in mnld from MediaTek
CVE-2023-20726
Key Information:
- Vendor
- MediaTek
- Vendor
- CVE Published:
- 15 May 2023
Summary
A security flaw in the mnld component of MediaTek products allows for potential leaks of GPS location data. This vulnerability arises from a lack of necessary permission checks, making it possible for unauthorized access to sensitive location information without any execution privileges or user interaction. The issue specifically affects several MediaTek chipsets, underscoring the need for users and developers to ensure timely updates and patches. MediaTek has addressed this vulnerability with specific patch IDs ensuring the protection of affected MT6880, MT6890, MT6980, MT6980D, and MT6990 devices.
Affected Version(s)
MT2731, MT2735, MT2737, MT6580, MT6739, MT6761, MT6762, MT6765, MT6767, MT6768, MT6769, MT6771, MT6779, MT6781, MT6783, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6980, MT6980D, MT6983, MT6985, MT6990, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 Android 11.0, 12.0, 13.0 / OpenWrt 19.07, 21.02 / Yocto 2.6, 3.3 / RDKB 2022Q3
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved