Lucene search

[email protected]CVE-2023-20726

HistoryMay 15, 2023 - 10:15 p.m.

CVE-2023-20726

2023-05-1522:15:11

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-20726

mnld

gps

location leak

permission check

local information disclosure

patch

alps07735968

alps07884552

mt6880

mt6890

mt6980

mt6980d

mt6990

nvd

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.7 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).

Affected configurations

Vulners

NVD

Node

googleandroidRange<11.0

googleandroidRange<12.0

googleandroidRange<13.0

mediatekmt2731

mediatekmt2735

mediatekmt2737

mediatekmt6580

mediatekmt6739

mediatekmt6761

mediatekmt6762

mediatekmt6765

mediatekmt6767

mediatekmt6768

mediatekmt6769

mediatekmt6771

mediatekmt6779

mediatekmt6781

mediatekmt6783

mediatekmt6785

mediatekmt6789

mediatekmt6833

mediatekmt6853

mediatekmt6855

mediatekmt6873

mediatekmt6877

mediatekmt6879

mediatekmt6880

mediatekmt6883

mediatekmt6885

mediatekmt6886

mediatekmt6889

mediatekmt6890

mediatekmt6891

mediatekmt6893

mediatekmt6895

mediatekmt6896

mediatekmt6980

mediatekmt6980d

mediatekmt6983

mediatekmt6985

mediatekmt6990

mediatekmt8167

mediatekmt8168

mediatekmt8173

mediatekmt8185

mediatekmt8321

mediatekmt8362a

mediatekmt8365

mediatekmt8385

mediatekmt8666

mediatekmt8673

mediatekmt8675

mediatekmt8765

mediatekmt8766

mediatekmt8768

mediatekmt8781

mediatekmt8786

mediatekmt8788

mediatekmt8789

mediatekmt8791

mediatekmt8791t

mediatekmt8797

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt2731*cpe:2.3:h:mediatek:mt2731:*:*:*:*:*:*:*:*
mediatekmt2735*cpe:2.3:h:mediatek:mt2735:*:*:*:*:*:*:*:*
mediatekmt2737*cpe:2.3:h:mediatek:mt2737:*:*:*:*:*:*:*:*
mediatekmt6580*cpe:2.3:h:mediatek:mt6580:*:*:*:*:*:*:*:*
mediatekmt6739*cpe:2.3:h:mediatek:mt6739:*:*:*:*:*:*:*:*
mediatekmt6761*cpe:2.3:h:mediatek:mt6761:*:*:*:*:*:*:*:*
mediatekmt6762*cpe:2.3:h:mediatek:mt6762:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt2731	*	cpe:2.3:h:mediatek:mt2731::::::::
mediatek	mt2735	*	cpe:2.3:h:mediatek:mt2735::::::::
mediatek	mt2737	*	cpe:2.3:h:mediatek:mt2737::::::::
mediatek	mt6580	*	cpe:2.3:h:mediatek:mt6580::::::::
mediatek	mt6739	*	cpe:2.3:h:mediatek:mt6739::::::::
mediatek	mt6761	*	cpe:2.3:h:mediatek:mt6761::::::::
mediatek	mt6762	*	cpe:2.3:h:mediatek:mt6762::::::::

Rows per page:

1-10 of 621

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2731, MT2735, MT2737, MT6580, MT6739, MT6761, MT6762, MT6765, MT6767, MT6768, MT6769, MT6771, MT6779, MT6781, MT6783, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6980, MT6980D, MT6983, MT6985, MT6990, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797",
    "versions": [
      {
        "version": "Android 11.0, 12.0, 13.0 / OpenWrt 19.07, 21.02 / Yocto 2.6, 3.3 / RDKB 2022Q3",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/May-2023

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.7 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-20726

cvelist1 prion1 nvd1