CVSS: 7.8EPSS: 0%CPEs: 44EXPL: 0CVE-2022-20012
https://notcve.org/view.php?id=CVE-2022-20012
In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478. En el controlador mdp, se presenta una posible corrupción de memoria debido a un desbordamiento de enteros. • https://corp.mediatek.com/product-security-bulletin/January-2022 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-41789
https://notcve.org/view.php?id=CVE-2021-41789
In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015. En el controlador wifi, se presenta un posible fallo del sistema debido a una falta de comprobación de comprobación. • https://corp.mediatek.com/product-security-bulletin/January-2022 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 53EXPL: 0CVE-2021-40148
https://notcve.org/view.php?id=CVE-2021-40148
In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933. En el módem EMM, se presenta una posible divulgación de información debido a una falta de cifrado de datos. • https://corp.mediatek.com/product-security-bulletin/January-2022 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.3EPSS: 0%CPEs: 20EXPL: 0CVE-2021-35055
https://notcve.org/view.php?id=CVE-2021-35055
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). Los microchips de MediaTek, usados en dispositivos NETGEAR versiones hasta 11-11-2021 y otros dispositivos, manejan inapropiadamente el protocolo WPS (Wi-Fi Protected Setup). (Chipsets afectados MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, ??MT7628, MT7629, MT7915; Versiones de software afectadas 7.4.0.0; Escritura fuera de límites). • https://corp.mediatek.com/product-security-bulletin/January-2022 https://kb.netgear.com/000064368/Security-Advisory-for-WiFi-WPS-and-IEEE-1905-Vulnerabilities-on-Multiple-Products-PSV-2021-0298-PSV-2021-0300 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 20EXPL: 0CVE-2021-37560
https://notcve.org/view.php?id=CVE-2021-37560
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). Los microchips de MediaTek, usados en dispositivos NETGEAR versiones hasta 11-11-2021 y otros dispositivos, manejan inapropiadamente el protocolo WPS (Wi-Fi Protected Setup). (Chipsets afectados MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, ??MT7628, MT7629, MT7915; Versiones de software afectadas 7.4.0.0; Escritura fuera de límites). • https://corp.mediatek.com/product-security-bulletin/January-2022 https://kb.netgear.com/000064368/Security-Advisory-for-WiFi-WPS-and-IEEE-1905-Vulnerabilities-on-Multiple-Products-PSV-2021-0298-PSV-2021-0300 • CWE-787: Out-of-bounds Write •