CVSS: 6.7EPSS: 0%CPEs: 34EXPL: 0CVE-2024-20022
https://notcve.org/view.php?id=CVE-2024-20022
04 Mar 2024 — In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID: ALPS08528255. • https://corp.mediatek.com/product-security-bulletin/March-2024 • CWE-125: Out-of-bounds Read •
CVSS: 3.3EPSS: 0%CPEs: 67EXPL: 0CVE-2023-20726
https://notcve.org/view.php?id=CVE-2023-20726
15 May 2023 — In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only). • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6964
https://notcve.org/view.php?id=CVE-2019-6964
20 Jun 2019 — A heap-based buffer over-read in Service_SetParamStringValue in cosa_x_cisco_com_ddns_dml.c of the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve information disclosure and code execution by crafting an AJAX call responsible for DDNS configuration with an exactly 64-byte username, password, or domain, for which the buffer size is insufficient for the final '\0' character. This is related to the CcspCommonLibrary and WebUI modules. Una lectura en exceso del búfer e... • https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2019-6963
https://notcve.org/view.php?id=CVE-2019-6963
20 Jun 2019 — A heap-based buffer overflow in cosa_dhcpv4_dml.c in the RDK RDKB-20181217-1 CcspPandM module may allow attackers with login credentials to achieve remote code execution by crafting a long buffer in the "Comment" field of an IP reservation form in the admin panel. This is related to the CcspCommonLibrary module. Un desbordamiento de búfer en la región heap de la memoria en el archivo cosa_dhcpv4_dml.c en el módulo CcspPandM de RDK RDKB-20181217-1, puede permitir que los atacantes con credenciales Login logr... • https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open • CWE-787: Out-of-bounds Write •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6962
https://notcve.org/view.php?id=CVE-2019-6962
20 Jun 2019 — A shell injection issue in cosa_wifi_apis.c in the RDK RDKB-20181217-1 CcspWifiAgent module allows attackers with login credentials to execute arbitrary shell commands under the CcspWifiSsp process (running as root) if the platform was compiled with the ENABLE_FEATURE_MESHWIFI macro. The attack is conducted by changing the Wi-Fi network password to include crafted escape characters. This is related to the WebUI module. Un problema de inyección de shell en el módulo cosa_wifi_apis.c en el RDK RDKB-20181217-1... • https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6961
https://notcve.org/view.php?id=CVE-2019-6961
20 Jun 2019 — Incorrect access control in actionHandlerUtility.php in the RDK RDKB-20181217-1 WebUI module allows a logged in user to control DDNS, QoS, RIP, and other privileged configurations (intended only for the network operator) by sending an HTTP POST to the PHP backend, because the page filtering for non-superuser (in header.php) is done only for GET requests and not for direct AJAX calls. Control de acceso incorrecto en actionHandlerUtility.php en el RDK RDKB-20181217-1 El módulo WebUI permite que un usuario reg... • https://dojo.bullguard.com/dojo-by-bullguard/blog/the-gateway-is-wide-open • CWE-862: Missing Authorization •