Out of Bounds Write Vulnerability in NVRAM by MediaTek
CVE-2023-20790
Key Information:
- Vendor
- MediaTek
- Vendor
- CVE Published:
- 7 August 2023
Summary
A potential out of bounds write vulnerability exists in the NVRAM component of MediaTek products. This flaw arises from a missing bounds check, which can lead to local information disclosure, necessitating system execution privileges for exploitation. Notably, user interaction is not required for the attack, allowing it to be executed without prior consent from the user. A patch has been issued to address this vulnerability, emphasizing the importance of maintaining updated software to safeguard against potential exploits.
Affected Version(s)
MT2713, MT2735, MT2737, MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6990, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797 Android 12.0, 13.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3 / Yocto 2.6, 3.3
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved