Vulnerability in WLAN Driver Affecting MediaTek Devices
CVE-2023-32831

5.5MEDIUM

Key Information:

Vendor: MediaTek
Status: MT6890, MT7612, MT7613, MT7615, MT7622, MT7626, MT7629, MT7915, MT7916, MT7981, MT7986
Vendor: CVE Published:; 2 January 2024

Summary

A vulnerability has been identified in the WLAN driver of MediaTek products, arising from the use of insufficiently random values that could allow local information disclosure without requiring execution privileges. This issue poses a risk of unauthorized access to sensitive information, as user interaction is not necessary for the exploitation to occur. MediaTek has issued a patch labeled WCNCR00325055 to address this vulnerability, and users are advised to apply this update promptly to enhance their security posture.

Affected Version(s)

MT6890, MT7612, MT7613, MT7615, MT7622, MT7626, MT7629, MT7915, MT7916, MT7981, MT7986 SDK version 7.6.7.1 and before

References

https://corp.mediatek.com/product-security-bulletin/Janua...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2024
Vulnerability Reserved
May 16, 2023