CVE-2023-20820 — HIGH (7.2)

Vulnerability Description

In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openwrt	Openwrt	19.07.0
Mediatek	Mt6890	-
Mediatek	Mt7603	-
Mediatek	Mt7612	-
Mediatek	Mt7613	-
Mediatek	Mt7615	-
Mediatek	Mt7622	-
Mediatek	Mt7626	-
Mediatek	Mt7629	-
Mediatek	Mt7915	-
Mediatek	Mt7916	-
Mediatek	Mt7981	-
Mediatek	Mt7986	-
Mediatek	Mt7990	-

References

https://corp.mediatek.com/product-security-bulletin/September-2023Vendor Advisory
https://corp.mediatek.com/product-security-bulletin/September-2023Vendor Advisory

FAQ

What is CVE-2023-20820?

CVE-2023-20820 is a vulnerability with a CVSS score of 7.2 (HIGH). In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not neede...

How severe is CVE-2023-20820?

CVE-2023-20820 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20820?

Check the references section above for vendor advisories and patch information. Affected products include: Openwrt Openwrt, Mediatek Mt6890, Mediatek Mt7603, Mediatek Mt7612, Mediatek Mt7613.