CVE-2022-21745

HIGH

8.8

Descripcion

In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872.

Detalles CVE

Puntuacion CVSS v3.18.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueADJACENT_NETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado6/6/2022

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

google:androidmediatek:mt6761mediatek:mt6762mediatek:mt6765mediatek:mt6768mediatek:mt6769mediatek:mt6779mediatek:mt6781mediatek:mt6785mediatek:mt6789mediatek:mt6833mediatek:mt6853mediatek:mt6853tmediatek:mt6873mediatek:mt6875mediatek:mt6877mediatek:mt6879mediatek:mt6883mediatek:mt6885mediatek:mt6889mediatek:mt6891mediatek:mt6893mediatek:mt6895mediatek:mt6983mediatek:mt6985mediatek:mt8167smediatek:mt8168mediatek:mt8175mediatek:mt8183mediatek:mt8185mediatek:mt8362amediatek:mt8365mediatek:mt8385mediatek:mt8667mediatek:mt8675mediatek:mt8695mediatek:mt8696mediatek:mt8766mediatek:mt8768mediatek:mt8786mediatek:mt8788mediatek:mt8789mediatek:mt8791mediatek:mt8797

Debilidades (CWE)

CWE-416

Referencias

https://corp.mediatek.com/product-security-bulletin/June-2022(security@mediatek.com)

https://corp.mediatek.com/product-security-bulletin/June-2022(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.