CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-20635
https://notcve.org/view.php?id=CVE-2025-20635
03 Feb 2025 — In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-54143 – openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection
https://notcve.org/view.php?id=CVE-2024-54143
06 Dec 2024 — openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious image can be served in place of a legitimate one, allowing the attacker to "poison" the artifact cache and deliver compromised images to unsuspecting users. This can be combined with other attacks, such as a command ... • https://github.com/openwrt/asu/commit/920c8a13d97b4d4095f0d939cf0aaae777e0f87e • CWE-328: Use of Weak Hash •
CVSS: 8.4EPSS: 0%CPEs: 25EXPL: 0CVE-2024-20104
https://notcve.org/view.php?id=CVE-2024-20104
04 Nov 2024 — In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09073261; Issue ID: MSV-1772. • https://corp.mediatek.com/product-security-bulletin/November-2024 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-20085
https://notcve.org/view.php?id=CVE-2024-20085
02 Sep 2024 — In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944204; Issue ID: MSV-1560. En estado de encendido, es posible que se produzca una lectura fuera de los límites debido a la falta de una comprobación de los límites. • https://corp.mediatek.com/product-security-bulletin/September-2024 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-20084
https://notcve.org/view.php?id=CVE-2024-20084
02 Sep 2024 — In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08944210; Issue ID: MSV-1561. En estado de encendido, es posible que se produzca una lectura fuera de los límites debido a la falta de una comprobación de los límites. • https://corp.mediatek.com/product-security-bulletin/September-2024 • CWE-125: Out-of-bounds Read •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-20073
https://notcve.org/view.php?id=CVE-2024-20073
03 Jun 2024 — In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00367704; Issue ID: MSV-1411. En el servicio WLAN, existe una posible escritura fuera de los límites debido a una validación de entrada incorrecta. • https://corp.mediatek.com/product-security-bulletin/June-2024 • CWE-787: Out-of-bounds Write •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-20072
https://notcve.org/view.php?id=CVE-2024-20072
03 Jun 2024 — In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364732; Issue ID: MSV-1332. En el controlador WLAN, existe una posible escritura fuera de los límites debido a una validación de entrada incorrecta. • https://corp.mediatek.com/product-security-bulletin/June-2024 • CWE-787: Out-of-bounds Write •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-20071
https://notcve.org/view.php?id=CVE-2024-20071
03 Jun 2024 — In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331. En el controlador WLAN, existe una posible lectura fuera de los límites debido a una validación de entrada incorrecta. • https://corp.mediatek.com/product-security-bulletin/June-2024 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 25EXPL: 0CVE-2024-20023
https://notcve.org/view.php?id=CVE-2024-20023
04 Mar 2024 — In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638. • https://corp.mediatek.com/product-security-bulletin/March-2024 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 34EXPL: 0CVE-2024-20022
https://notcve.org/view.php?id=CVE-2024-20022
04 Mar 2024 — In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID: ALPS08528255. • https://corp.mediatek.com/product-security-bulletin/March-2024 • CWE-125: Out-of-bounds Read •