In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.
References
Link | Resource |
---|---|
https://corp.mediatek.com/product-security-acknowledgements | Vendor Advisory |
https://corp.mediatek.com/product-security-acknowledgements | Vendor Advisory |
Configurations
History
21 Nov 2024, 06:05
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://corp.mediatek.com/product-security-acknowledgements - Vendor Advisory |
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-06 22:15
Updated : 2024-11-21 06:05
NVD link : CVE-2021-31575
Mitre link : CVE-2021-31575
CVE.ORG link : CVE-2021-31575
JSON object : View
Products Affected
mediatek
- en7580_firmware
- en7580
- en7528_firmware
- en7528
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')