CVE-2023-20820 - OpenCVE

In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mediatek	Mt6890 Mt7603 Mt7612 Mt7613 Mt7615 Mt7622 Mt7626 Mt7629 Mt7915 Mt7916 Mt7981 Mt7986 Mt7990
Openwrt	Openwrt

Configuration 1 [-]

AND

OR	cpe:2.3:o:openwrt:openwrt:19.07.0:-::::::
	cpe:2.3:o:openwrt:openwrt:21.02.0:-::::::

OR	cpe:2.3:h:mediatek:mt6890:-:::::::*
	cpe:2.3:h:mediatek:mt7603:-:::::::*
	cpe:2.3:h:mediatek:mt7612:-:::::::*
	cpe:2.3:h:mediatek:mt7613:-:::::::*
	cpe:2.3:h:mediatek:mt7615:-:::::::*
	cpe:2.3:h:mediatek:mt7622:-:::::::*
	cpe:2.3:h:mediatek:mt7626:-:::::::*
	cpe:2.3:h:mediatek:mt7629:-:::::::*
	cpe:2.3:h:mediatek:mt7915:-:::::::*
	cpe:2.3:h:mediatek:mt7916:-:::::::*
	cpe:2.3:h:mediatek:mt7981:-:::::::*
	cpe:2.3:h:mediatek:mt7986:-:::::::*
	cpe:2.3:h:mediatek:mt7990:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/September-2023

History

No history.

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2023-09-04T02:27:15.884Z

Updated: 2024-08-02T09:14:41.009Z

Reserved: 2022-10-28T02:03:23.673Z

Link: CVE-2023-20820

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-04T03:15:07.840

Modified: 2023-09-07T19:14:49.727

Link: CVE-2023-20820

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A", "vulnerable": true}, {"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", "matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt7603:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A45CDA9-95E6-4C02-8C3C-3B0CF7272A6F", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt7612:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF2E9975-607D-4F06-A85A-B1C2BE3C5B75", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt7613:-:*:*:*:*:*:*:*", "matchCriteriaId": "4979BA07-DC09-4DF8-BA7F-E4143A0ECFE6", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*", "matchCriteriaId": "05748BB1-0D48-4097-932E-E8E2E574FD8D", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*", "matchCriteriaId": "55EB4B27-6264-45BE-9A22-BE8418BB0C06", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt7626:-:*:*:*:*:*:*:*", "matchCriteriaId": "79C6A4C1-BAB5-4C53-91CF-2637C2ECF37F", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt7629:-:*:*:*:*:*:*:*", "matchCriteriaId": "29C210A3-C71E-4010-9DD6-9E36CADC9EED", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AB22996-9C22-4B6C-9E94-E4C055D16335", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD5AA441-5381-4179-89EB-1642120F72B4", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*", "matchCriteriaId": "490CD97B-021F-4350-AEE7-A2FA866D5889", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*", "matchCriteriaId": "40A9E917-4B34-403F-B512-09EEBEA46811", "vulnerable": false}, {"criteria": "cpe:2.3:h:mediatek:mt7990:-:*:*:*:*:*:*:*", "matchCriteriaId": "4901B2A5-B0C8-4A0C-AC17-87D469744817", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189."}, {"lang": "es", "value": "En wlan service, se presenta una posible inyecci\u00f3n de comando debido a una comprobaci\u00f3n de entrada inapropiada. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. No es necesaria la interacci\u00f3n del usuario para su explotaci\u00f3n. ID del parche: WCNCR00244189; ID de la incidencia: WCNCR00244189."}], "id": "CVE-2023-20820", "lastModified": "2023-09-07T19:14:49.727", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-04T03:15:07.840", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-bulletin/September-2023"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}