CVE-2022-32665: Input Validation
First published: Tue Jan 03 2023(Updated: )
In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.
Credit: security@mediatek.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mediatek Linkit Software Development Kit | <tlb7.3.258.100-p1-1555 | |
| Mediatek En7528 Firmware | ||
| Mediatek En7580 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-32665?
CVE-2022-32665 is considered a high severity vulnerability due to the potential for remote escalation of privileges.
How do I fix CVE-2022-32665?
To fix CVE-2022-32665, apply the patch provided by Mediatek, identified as Patch ID A20220026.
Which software is affected by CVE-2022-32665?
CVE-2022-32665 affects the Mediatek Linkit Software Development Kit up to version tlb7.3.258.100-p1-1555.
Is user interaction required to exploit CVE-2022-32665?
No, user interaction is not needed for exploitation of CVE-2022-32665.
Can CVE-2022-32665 lead to privilege escalation without execution privileges?
Yes, CVE-2022-32665 allows for privilege escalation without requiring additional execution privileges.
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mediatek
- canonical/mediatek linkit software development kit
- canonical/mediatek en7528 firmware
- canonical/mediatek en7580 firmware