21.02.0

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

openwrt

NVD

Published: 2023-09-04

Updated: 2023-09-07

Summary

In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189.

Vulnerable Configurations

Part	Description	Count
OS	Openwrt Openwrt Openwrt 19.07.0 Openwrt Openwrt 21.02.0	2
Hardware	Mediatek Mediatek Mt6890 - Mediatek Mt7603 - Mediatek Mt7612 - Mediatek Mt7613 - Mediatek Mt7615 - Mediatek Mt7622 - Mediatek Mt7626 - Mediatek Mt7629 - Mediatek Mt7915 - Mediatek Mt7916 - Mediatek Mt7981 - Mediatek Mt7986 - Mediatek Mt7990 -	13

References

https://corp.mediatek.com/product-security-bulletin/September-2023