Command Injection Vulnerability in MediaTek WLAN Service
CVE-2023-20820

7.2HIGH

Key Information:

Vendor

MediaTek
Status
Mt6890, Mt7603, Mt7612, Mt7613, Mt7615, Mt7622, Mt7626, Mt7629, Mt7915, Mt7916, Mt7981, Mt7986, Mt7990
Vendor
CVE Published:
4 September 2023

What is CVE-2023-20820?

The WLAN service developed by MediaTek is susceptible to a command injection vulnerability caused by inadequate input validation. This security flaw could allow an attacker to execute remote code with system-level privileges, enabling potential unauthorized access and manipulation of the system. Importantly, user interaction is not necessary for an attacker to exploit this vulnerability, increasing the risk of exploitation for affected systems. MediaTek has issued a patch (Patch ID: WCNCR00244189) to address this issue. For detailed information, refer to the product security bulletin from MediaTek.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT6890, MT7603, MT7612, MT7613, MT7615, MT7622, MT7626, MT7629, MT7915, MT7916, MT7981, MT7986, MT7990 OpenWRT 19.07, 21.02

References

https://corp.mediatek.com/product-security-bulletin/Septe...

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.