In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.
9.8CVSS
9.6AI Score
0.002EPSS
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.
8.8CVSS
8.8AI Score
0.003EPSS
In Boa, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20220026; Issue ID: OSBNB00144124.
9.8CVSS
9.3AI Score
0.003EPSS