CVE-2023-20820
CVE-2023-20820
In short
A wireless network service fails to properly check user input before running commands, allowing attackers to inject malicious commands and execute code remotely without needing any interaction from the user.
Technical detail
The wlan service contains an improper input validation vulnerability in command processing that allows unauthenticated remote code injection. Exploitation requires System-level privileges for execution and can be triggered automatically without user interaction.
Summary generated and translated by AI from the official description.
In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189.
Affected products
MediaTek, Inc. · MT6890, MT7603, MT7612, MT7613, MT7615, MT7622, MT7626, MT7629, MT7915, MT7916, MT7981, MT7986, MT7990Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →