Description

In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469.

Related CPE's

o

mediatek

nr15

-

Vulnerable

o

mediatek

nr16

-

Vulnerable

o

mediatek

nr17

-

Vulnerable

h

mediatek

mt6298

-

h

mediatek

mt6813

-

h

mediatek

mt6815

-

h

mediatek

mt6833

-

h

mediatek

mt6835

-

h

mediatek

mt6853

-

h

mediatek

mt6855

-

h

mediatek

mt6873

-

h

mediatek

mt6875

-

h

mediatek

mt6875t

-

h

mediatek

mt6877

-

h

mediatek

mt6878

-

h

mediatek

mt6879

-

h

mediatek

mt6883

-

h

mediatek

mt6885

-

h

mediatek

mt6889

-

h

mediatek

mt6891

-

h

mediatek

mt6893

-

h

mediatek

mt6895

-

h

mediatek

mt6895t

-

h

mediatek

mt6896

-

h

mediatek

mt6897

-

h

mediatek

mt6980

-

h

mediatek

mt6980d

-

h

mediatek

mt6983

-

h

mediatek

mt6990

-

h

mediatek

mt8673

-

h

mediatek

mt8675

-

h

mediatek

mt8765

-

h

mediatek

mt8766

-

h

mediatek

mt8768

-

h

mediatek

mt8771

-

h

mediatek

mt8786

-

h

mediatek

mt8791t

-

h

mediatek

mt8792

-

h

mediatek

mt8797

-

h

mediatek

mt8798

-

References

https://corp.mediatek.com/product-security-bulletin/June-2024

Vendor Advisory

https://corp.mediatek.com/product-security-bulletin/June-2024

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-327

[email protected]

Primary
CWE-327

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

5.1 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-06-03T00:15:09.093Z

1 year ago

Last modified

2025-04-25T16:38:13.850Z

9 months ago