Vulnerabilities > CVE-2021-31577 - Missing Authorization vulnerability in Mediatek En7528 Firmware and En7580 Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mediatek

CWE-862

critical

NVD

Published: 2023-02-06

Updated: 2023-08-08

Summary

In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.

Vulnerable Configurations

Part	Description	Count
OS	Mediatek Mediatek En7580 Firmware * Mediatek En7528 Firmware *	2
Hardware	Mediatek Mediatek En7580 - Mediatek En7528 -	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://corp.mediatek.com/product-security-acknowledgements