Lucene search

MitreCVE-2021-32486

HistorySep 09, 2021 - 4:15 p.m.

CVE-2021-32486

2021-09-0916:15:08

CWE-787

mitre

web.nvd.nist.gov

cve-2021-32486

modem

2g rrm

system crash

heap buffer overflow

denial of service

nvd

patch id

alps04964928

moly00500621

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

68.6%

JSON

In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00500621; Issue ID: ALPS04964928.

Affected configurations

Nvd

Node

mediatekmodemMatchlr12a

mediatekmodemMatchlr13

AND

mediatekmt6739Match-

mediatekmt6761Match-

mediatekmt6762Match-

mediatekmt6762dMatch-

mediatekmt6762mMatch-

mediatekmt6763Match-

mediatekmt6765Match-

mediatekmt6765tMatch-

mediatekmt6767Match-

mediatekmt6768Match-

mediatekmt6769Match-

mediatekmt6769tMatch-

mediatekmt6769zMatch-

mediatekmt6771Match-

mediatekmt6779Match-

mediatekmt6783Match-

mediatekmt6785Match-

mediatekmt6785tMatch-

VendorProductVersionCPE
mediatekmodemlr12acpe:2.3:o:mediatek:modem:lr12a:*:*:*:*:*:*:*
mediatekmodemlr13cpe:2.3:o:mediatek:modem:lr13:*:*:*:*:*:*:*
mediatekmt6739-cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
mediatekmt6761-cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
mediatekmt6762-cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*
mediatekmt6762d-cpe:2.3:h:mediatek:mt6762d:-:*:*:*:*:*:*:*
mediatekmt6762m-cpe:2.3:h:mediatek:mt6762m:-:*:*:*:*:*:*:*
mediatekmt6763-cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*
mediatekmt6765-cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
mediatekmt6765t-cpe:2.3:h:mediatek:mt6765t:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mediatek	modem	lr12a	cpe:2.3:o:mediatek:modem:lr12a:::::::*
mediatek	modem	lr13	cpe:2.3:o:mediatek:modem:lr13:::::::*
mediatek	mt6739	-	cpe:2.3:h:mediatek:mt6739:-:::::::*
mediatek	mt6761	-	cpe:2.3:h:mediatek:mt6761:-:::::::*
mediatek	mt6762	-	cpe:2.3:h:mediatek:mt6762:-:::::::*
mediatek	mt6762d	-	cpe:2.3:h:mediatek:mt6762d:-:::::::*
mediatek	mt6762m	-	cpe:2.3:h:mediatek:mt6762m:-:::::::*
mediatek	mt6763	-	cpe:2.3:h:mediatek:mt6763:-:::::::*
mediatek	mt6765	-	cpe:2.3:h:mediatek:mt6765:-:::::::*
mediatek	mt6765t	-	cpe:2.3:h:mediatek:mt6765t:-:::::::*

Rows per page:

1-10 of 201

References

corp.mediatek.com/product-security-bulletin/September-2021

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

68.6%

JSON

Related for CVE-2021-32486