Vulnerabilities > CVE-2021-31578 - Out-of-bounds Write vulnerability in Mediatek En7528 Firmware and En7580 Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mediatek

CWE-787

critical

NVD

Published: 2023-02-06

Updated: 2023-02-15

Summary

In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.

Vulnerable Configurations

Part	Description	Count
OS	Mediatek Mediatek En7580 Firmware - Mediatek En7528 Firmware -	2
Hardware	Mediatek Mediatek En7580 - Mediatek En7528 -	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://corp.mediatek.com/product-security-acknowledgements