CVSS: 7.8EPSS: 0%CPEs: 63EXPL: 0CVE-2022-20053
https://notcve.org/view.php?id=CVE-2022-20053
In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097. En ims service, se presenta una posible escalada de privilegios debido a una falta de comprobación de permisos. • https://corp.mediatek.com/product-security-bulletin/March-2022 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 53EXPL: 0CVE-2021-40148
https://notcve.org/view.php?id=CVE-2021-40148
In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933. En el módem EMM, se presenta una posible divulgación de información debido a una falta de cifrado de datos. • https://corp.mediatek.com/product-security-bulletin/January-2022 • CWE-319: Cleartext Transmission of Sensitive Information •