Remote Denial of Service in MediaTek WLAN Firmware
CVE-2023-32820

7.5HIGH

Key Information:

Vendor: MediaTek
Status: Mt5221, Mt6781, Mt6833, Mt6853, Mt6853t, Mt6855, Mt6873, Mt6875, Mt6877, Mt6879, Mt6883, Mt6885, Mt6886, Mt6889, Mt6891, Mt6893, Mt6895, Mt6983, Mt6985, Mt7663, Mt7668, Mt7902, Mt7921, Mt8168, Mt8365, Mt8518s, Mt8532, Mt8666, Mt8673, Mt8675, Mt8695, Mt8766, Mt8768, Mt8781, Mt8786, Mt8789, Mt8791, Mt8797, Mt8798
Vendor: CVE Published:; 2 October 2023

Summary

The MediaTek WLAN firmware has a vulnerability that arises from improper input handling, potentially allowing for remote denial of service. This issue can be exploited without any user interaction and does not require additional execution privileges. As a result, attackers may be able to disrupt the normal functionality of the affected devices. A patch is available, identified by Patch ID ALPS07932637. For further information, refer to the MediaTek security bulletin.

Affected Version(s)

MT5221, MT6781, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT7663, MT7668, MT7902, MT7921, MT8168, MT8365, MT8518S, MT8532, MT8666, MT8673, MT8675, MT8695, MT8766, MT8768, MT8781, MT8786, MT8789, MT8791, MT8797, MT8798 Android 11.0, 12.0, 13.0 / Linux 4.19 / Yocto 3.1, 3.3 / IOT-v23.0

References

https://corp.mediatek.com/product-security-bulletin/Octob...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 2, 2023
Vulnerability Reserved
May 16, 2023