Overview
- Description
- In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831.
- Source
- security@mediatek.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- CWE-908
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediatek:nbiot_sdk:2.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A839D4B-4B20-4663-A018-63F6CF6D840B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:mt2621:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D22D1E86-2AD6-4B60-9E87-C309F928C579"
},
{
"criteria": "cpe:2.3:h:mediatek:mt2625:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "DF1AF8D8-F68E-4697-9E7A-8CDA6899F643"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]