Vulnerability Description
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediatek | Linkit Software Development Kit | < 7.3.293.0 |
| Mediatek | En7516 | - |
| Mediatek | En7528 | - |
| Mediatek | En7529 | - |
| Mediatek | En7561 | - |
| Mediatek | En7562 | - |
| Mediatek | En7580 | - |
Related Weaknesses (CWE)
References
- https://corp.mediatek.com/product-security-bulletin/January-2023Vendor Advisory
- https://corp.mediatek.com/product-security-bulletin/January-2023Vendor Advisory
FAQ
What is CVE-2022-32664?
CVE-2022-32664 is a vulnerability with a CVSS score of 8.8 (HIGH). In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is ...
How severe is CVE-2022-32664?
CVE-2022-32664 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-32664?
Check the references section above for vendor advisories and patch information. Affected products include: Mediatek Linkit Software Development Kit, Mediatek En7516, Mediatek En7528, Mediatek En7529, Mediatek En7561.