Overview
- Description
- In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.
- Source
- security@mediatek.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- nvd@nist.gov
- CWE-77
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2ED17B72-EC4D-46FC-8816-D5FF2A9675C7",
"versionEndExcluding": "tlb7.3.258.100-p1-1555"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:en7528:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CD990C82-4C61-479B-A49F-11A3C0812AC5"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediatek:linkit_software_development_kit:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2ED17B72-EC4D-46FC-8816-D5FF2A9675C7",
"versionEndExcluding": "tlb7.3.258.100-p1-1555"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mediatek:en7580:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "061DBB68-80AF-4016-AAE0-EE9DFDFB341B"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]