The MediaTek Product Security Bulletin contains details of security vulnerabilities affecting MediaTek Smartphone, Tablet, AIoT, Smart display, Wi-Fi and TV chipsets. Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
The severity of the identified vulnerabilities was conducted based on the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
Summary
Details
| CVE | CVE-2021-40148 |
|---|---|
| Title | Information disclosure in Modem EMM |
| Severity | High |
| Vulnerability Type | ID |
| CWE | CWE-200 Information Disclosure |
| Description | In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2731, MT2735, MT3967, MT6297, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8666, MT8675, MT8765, MT8766, MT8768, MT8771, MT8786, MT8788, MT8791, MT8797 |
| Affected Software Versions | Modem L9, LR11, LR12, LR12A, LR13, NR15 |
| CVE | CVE-2021-35055 |
|---|---|
| Title | Out-of-bounds write in wifi driver |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 7.4.0.0 |
| CVE | CVE-2021-37560 |
|---|---|
| Title | Out-of-bounds write in wifi driver |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 7.4.0.0 |
| CVE | CVE-2021-37561 |
|---|---|
| Title | Out-of-bounds write in wifi driver |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 7.4.0.0 |
| CVE | CVE-2021-37584 |
|---|---|
| Title | Out-of-bounds write in wifi driver |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 7.4.0.0 |
| CVE | CVE-2021-37563 |
|---|---|
| Title | Out-of-bounds write in wifi driver |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 7.4.0.0 |
| CVE | CVE-2021-37566 |
|---|---|
| Title | Out-of-bounds write in 1905 daemon |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In 1905 daemon, there is a possible out of bounds write due to a incorrect bounds check. This could lead to remote escalation of privilege from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT7603E, MT7610, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 2.0.2 |
| CVE | CVE-2021-37569 |
|---|---|
| Title | Out-of-bounds write in 1905 daemon |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In 1905 daemon, there is a possible out of bounds write due to a incorrect bounds check. This could lead to remote escalation of privilege from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 2.0.2 |
| CVE | CVE-2021-37568 |
|---|---|
| Title | Out-of-bounds write in 1905 daemon |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In 1905 daemon, there is a possible out of bounds write due to a incorrect bounds check. This could lead to remote escalation of privilege from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 2.0.2 |
| CVE | CVE-2021-37583 |
|---|---|
| Title | Out-of-bounds write in 1905 daemon |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In 1905 daemon, there is a possible out of bounds write due to a incorrect bounds check. This could lead to remote escalation of privilege from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 2.0.2 |
| CVE | CVE-2021-37571 |
|---|---|
| Title | Out-of-bounds write in 1905 daemon |
| Severity | High |
| Vulnerability Type | EoP |
| CWE | CWE-787 Out-of-bounds Write |
| Description | In 1905 daemon, there is a possible out of bounds write due to a incorrect bounds check. This could lead to remote escalation of privilege from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is needed for exploitation. |
| Affected Chipsets | MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 2.0.2 |
| CVE | CVE-2021-31345 |
|---|---|
| Title | Improper restriction of operations within the bounds of a memory buffer in Modem |
| Severity | High |
| Vulnerability Type | ID |
| CWE | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Description | In Modem UDP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure or denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2735, MT6779, MT6781, MT6783, MT6785, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8771, MT8789, MT8791, MT8797 |
| Affected Software Versions | Modem LR13, NR15 |
| CVE | CVE-2021-31346 |
|---|---|
| Title | Improper restriction of operations within the bounds of a memory buffer in Modem |
| Severity | High |
| Vulnerability Type | ID |
| CWE | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Description | In Modem ICMP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure or denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2735, MT6779, MT6781, MT6783, MT6785, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8771, MT8789, MT8791, MT8797 |
| Affected Software Versions | Modem LR13, NR15 |
| CVE | CVE-2021-31889 |
|---|---|
| Title | Improper restriction of operations within the bounds of a memory buffer in Modem |
| Severity | High |
| Vulnerability Type | DoS |
| CWE | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Description | In Modem TCP protocol integrated from Nucleus NET TCP/IP software, there is a possible system crash due to an improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2731, MT2735, MT6725, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8765, MT8766, MT8768, MT8771, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Modem LR12A, LR13, NR15 |
| CVE | CVE-2021-31890 |
|---|---|
| Title | Improper restriction of operations within the bounds of a memory buffer in Modem |
| Severity | High |
| Vulnerability Type | ID |
| CWE | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Description | In Modem TCP protocol integrated from Nucleus NET TCP/IP software, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure or denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT2735, MT6779, MT6781, MT6783, MT6785, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8771, MT8789, MT8791, MT8797 |
| Affected Software Versions | Modem LR13, NR15 |
| CVE | CVE-2022-20012 |
|---|---|
| Title | Integer overflow or wraparound in mdp driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-190 Integer Overflow or Wraparound |
| Description | In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6757, MT6761, MT6762, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8127, MT8163, MT8167, MT8168, MT8169, MT8173, MT8183, MT8188, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8788 |
| Affected Software Versions | Android 10.0, 11.0, 12.0 |
| CVE | CVE-2022-20013 |
|---|---|
| Title | Time-of-check time-of-use (toctou) race condition in vow driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition |
| Description | In vow driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2022-20014 |
|---|---|
| Title | Improper input validation in vow driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-20 Improper Input Validation |
| Description | In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8185, MT8385, MT8788, MT8789 |
| Affected Software Versions | Android 10.0, 11.0, 12.0 |
| CVE | CVE-2022-20015 |
|---|---|
| Title | Exposure of sensitive information to an unauthorized actor in kd_camera_hw driver |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
| Description | In kd_camera_hw driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8169 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2022-20016 |
|---|---|
| Title | Improper restriction of operations within the bounds of a memory buffer in vow driver |
| Severity | Medium |
| Vulnerability Type | EoP |
| CWE | CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer |
| Description | In vow driver, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2022-20018 |
|---|---|
| Title | Exposure of sensitive information to an unauthorized actor in seninf driver |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
| Description | In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6739, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8167, MT8168, MT8173, MT8362A, MT8365 |
| Affected Software Versions | Android 10.0, 11.0, 12.0 |
| CVE | CVE-2022-20019 |
|---|---|
| Title | Exposure of sensitive information to an unauthorized actor in libMtkOmxGsmDec |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
| Description | In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6595, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8768 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2022-20020 |
|---|---|
| Title | Exposure of sensitive information to an unauthorized actor in libvcodecdrv |
| Severity | Medium |
| Vulnerability Type | ID |
| CWE | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor |
| Description | In libvcodecdrv, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6739, MT6768, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 11.0 |
| CVE | CVE-2022-20021 |
|---|---|
| Title | Expected behavior violation in Bluetooth |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-440 Expected Behavior Violation |
| Description | In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6630, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6763, MT6771, MT7662T, MT7663, MT7668, MT8163, MT8167, MT8167S, MT8173, MT8183, MT8321, MT8362A, MT8362B, MT8385, MT8765, MT8788 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2022-20022 |
|---|---|
| Title | Expected behavior violation in Bluetooth |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-440 Expected Behavior Violation |
| Description | In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6630, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6763, MT6771, MT7662T, MT7663, MT7668, MT8163, MT8167, MT8167S, MT8173, MT8183, MT8321, MT8362A, MT8362B, MT8385, MT8765, MT8788 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2022-20023 |
|---|---|
| Title | Expected behavior violation in Bluetooth |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-440 Expected Behavior Violation |
| Description | In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT6580, MT6630, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT7662T, MT7663, MT7668, MT7915, MT7920, MT7921, MT7922, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8362B, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797 |
| Affected Software Versions | Android 10.0, 11.0 |
| CVE | CVE-2021-32467 |
|---|---|
| Title | Out-of-bounds read in wifi driver |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 7.4.0.0 |
| CVE | CVE-2021-32468 |
|---|---|
| Title | Out-of-bounds read in wifi driver |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 7.4.0.0 |
| CVE | CVE-2021-32469 |
|---|---|
| Title | Out-of-bounds read in wifi driver |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 7.4.0.0 |
| CVE | CVE-2021-37562 |
|---|---|
| Title | Out-of-bounds read in wifi driver |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service from a proximal attacker, if WPS is used, with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 7.4.0.0 |
| CVE | CVE-2021-37567 |
|---|---|
| Title | Out-of-bounds read in 1905 daemon |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In 1905 daemon, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 2.0.2 |
| CVE | CVE-2021-37565 |
|---|---|
| Title | Out-of-bounds read in 1905 daemon |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In 1905 daemon, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 2.0.2 |
| CVE | CVE-2021-37564 |
|---|---|
| Title | Out-of-bounds read in 1905 daemon |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In 1905 daemon, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 2.0.2 |
| CVE | CVE-2021-37570 |
|---|---|
| Title | Out-of-bounds read in 1905 daemon |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-125 Out-of-bounds Read |
| Description | In 1905 daemon, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service from a proximal attacker, if Wi-Fi EasyMesh R2 is used, with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 2.0.2 |
| CVE | CVE-2021-37572 |
|---|---|
| Title | Missing authorization in 1905 daemon |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-862 Missing Authorization |
| Description | In 1905 daemon, there is a possible missing authorization due to a missing permission check. This could lead to remote denial of service from a proximal attacker, if attacker can connect to Wi-Fi using EasyMesh R2, with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 2.0.2 |
| CVE | CVE-2021-41788 |
|---|---|
| Title | Improper input validation in wifi driver |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-20 Improper Input Validation |
| Description | In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7603E, MT7612, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 |
| Affected Software Versions | 7.4.0.0 |
| CVE | CVE-2021-41789 |
|---|---|
| Title | Improper input validation in wifi driver |
| Severity | Medium |
| Vulnerability Type | DoS |
| CWE | CWE-20 Improper Input Validation |
| Description | In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. |
| Affected Chipsets | MT7615, MT7622 |
| Affected Software Versions | 4.4.1.1 |
Vulnerability Type Definition
| Abbreviation | Definition |
|---|---|
| RCE | Remote Code Execution |
| EoP | Elevation of Privilege |
| ID | Information Disclosure |
| DoS | Denial of Service |
| N/A | Classification not available |
Versions
| Version | Date | Description |
| 1.0 | January 3, 2022 | Bulletin published. |
Notes
Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.
If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Security Vulnerability page on MediaTek website.