Vulnerabilities > CVE-2021-31576 - Missing Authorization vulnerability in Mediatek En7528 Firmware and En7580 Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mediatek

CWE-862

NVD

Published: 2023-02-06

Updated: 2023-02-15

Summary

In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.

Vulnerable Configurations

Part	Description	Count
OS	Mediatek Mediatek En7580 Firmware - Mediatek En7528 Firmware -	2
Hardware	Mediatek Mediatek En7580 - Mediatek En7528 -	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://corp.mediatek.com/product-security-acknowledgements