CVE-2023-20820
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:M/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
34.2%
In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189.
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mediatek | awus036nh | * | cpe:2.3:h:mediatek:awus036nh:*:*:*:*:*:*:*:* |
| mediatek | awus036nh | * | cpe:2.3:h:mediatek:awus036nh:*:*:*:*:*:*:*:* |
| mediatek | mt6890 | * | cpe:2.3:h:mediatek:mt6890:*:*:*:*:*:*:*:* |
| mediatek | mt7603 | * | cpe:2.3:h:mediatek:mt7603:*:*:*:*:*:*:*:* |
| mediatek | mt7612 | * | cpe:2.3:h:mediatek:mt7612:*:*:*:*:*:*:*:* |
| mediatek | mt7613 | * | cpe:2.3:h:mediatek:mt7613:*:*:*:*:*:*:*:* |
| mediatek | mt7615 | * | cpe:2.3:h:mediatek:mt7615:*:*:*:*:*:*:*:* |
| mediatek | mt7622 | * | cpe:2.3:h:mediatek:mt7622:*:*:*:*:*:*:*:* |
| mediatek | mt7626 | * | cpe:2.3:h:mediatek:mt7626:*:*:*:*:*:*:*:* |
| mediatek | mt7629 | * | cpe:2.3:h:mediatek:mt7629:*:*:*:*:*:*:*:* |
Related
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:M/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
34.2%