First published: Mon Feb 06 2023(Updated: )
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.
Credit: security@mediatek.com
Affected Software | Affected Version | How to fix |
---|---|---|
Mediatek En7580 Firmware | <tlm7.3.275.0-82 | |
Mediatek En7580 | ||
Mediatek En7528 Firmware | <tlm7.3.275.0-82 | |
Mediatek En7528 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-31574 has a severity rating of high due to the potential for remote code execution and privilege escalation.
To fix CVE-2021-31574, apply the patch identified as A20210009 to the affected Mediatek firmware.
CVE-2021-31574 affects Mediatek firmware versions up to but not including tlm7.3.275.0-82 for both En7580 and En7528.
No, user interaction is not required for the exploitation of CVE-2021-31574.
CVE-2021-31574 can be exploited by a proximal attacker with no additional execution privileges needed.