CVE-2021-31575

CVSS 9.8 CRITICALEPSS 1.7%CWE-77

In short

Config Manager has a command injection flaw that allows attackers on the local network to run unauthorized commands with elevated privileges without any user interaction or special permissions.

Technical detail

CWE-77 command injection vulnerability in Config Manager due to improper input validation enables remote code execution with privilege escalation from a proximal network attacker. No additional execution privileges or user interaction required; exploitation is direct via crafted input.

Summary generated and translated by AI from the official description.

In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

MediaTek, Inc. · EN7528, EN7580

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://corp.mediatek.com/product-security-acknowledgements