CVE-2021-31574
CVE-2021-31574
In short
Config Manager has a command injection flaw that allows attackers on the local network to execute unauthorized commands and gain administrator privileges without needing user interaction or special permissions.
Technical detail
CWE-77 command injection in Config Manager due to insufficient input validation allows local network attackers to achieve privilege escalation through crafted input; no user interaction required. Exploitation vector is network-proximal without authentication; impact includes complete system compromise.
Summary generated and translated by AI from the official description.
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
MediaTek, Inc. · EN7528, EN7580Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →