CVE-2021-31573
CVE-2021-31573
In short
Config Manager has a flaw that allows attackers on the same network to run harmful commands by sending specially crafted input, taking over the system without needing special permissions or user action.
Technical detail
CWE-77 command injection vulnerability in Config Manager stems from insufficient input validation, enabling a proximal attacker to inject arbitrary OS commands through unfiltered parameters; successful exploitation requires network access but no elevated privileges, resulting in complete system compromise via privilege escalation.
Summary generated and translated by AI from the official description.
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
MediaTek, Inc. · EN7528, EN7580Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →