Vulnerabilities > Mediatek > Mt8163 Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-08-14 CVE-2019-15027 OS Command Injection vulnerability in Mediatek Mt6577 Firmware, Mt6625 Firmware and Mt8163 Firmware
The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot.
network
low complexity
mediatek CWE-78
critical
9.8