Out of Bounds Read Vulnerability in MediaTek WLAN Products
CVE-2023-20732

6.7MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt6761, Mt6762, Mt6765, Mt6768, Mt6769, Mt6779, Mt6781, Mt6785, Mt6789, Mt6833, Mt6835, Mt6853, Mt6855, Mt6873, Mt6875, Mt6877, Mt6879, Mt6883, Mt6885, Mt6886, Mt6889, Mt6891, Mt6893, Mt6895, Mt6983, Mt6985, Mt7663, Mt7668, Mt7902, Mt7921, Mt8167, Mt8167s, Mt8173, Mt8175, Mt8195, Mt8362a, Mt8365, Mt8385, Mt8518, Mt8532, Mt8666, Mt8695, Mt8781, Mt8788
Vendor: CVE Published:; 6 June 2023

What is CVE-2023-20732?

A vulnerability has been identified in MediaTek's WLAN products, where a potential out of bounds read occurs due to a lack of proper bounds checking. This flaw could lead to the exposure of sensitive information on systems with the vulnerable components. Importantly, no user interaction is required for an attacker to exploit this vulnerability, highlighting the necessity for immediate attention to security updates and patch management.

Affected Version(s)

MT6761, MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8167, MT8167S, MT8173, MT8175, MT8195, MT8362A, MT8365, MT8385, MT8518, MT8532, MT8666, MT8695, MT8781, MT8788 Android 12.0, 13.0 / Yocto 3.1,3.3,4.0

References

https://corp.mediatek.com/product-security-bulletin/June-...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2023
Vulnerability Reserved
Oct 28, 2022