CVE-2021-31578 - Vulnerability Details - OpenCVE

In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mediatek	En7528 En7528 Firmware En7580 En7580 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:mediatek:en7580_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:en7580:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mediatek:en7528_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:en7528:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-acknowledgements

History

No history.

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2023-02-06T00:00:00

Updated: 2024-08-03T23:03:33.483Z

Reserved: 2021-04-22T00:00:00

Link: CVE-2021-31578

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-06T22:15:09.470

Modified: 2024-11-21T06:05:56.450

Link: CVE-2021-31578

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:en7580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AFFE9B98-0C16-4EBF-AE99-8163F19FD28C", "versionEndExcluding": "tlm7.3.275.0-64", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:en7580:-:*:*:*:*:*:*:*", "matchCriteriaId": "061DBB68-80AF-4016-AAE0-EE9DFDFB341B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mediatek:en7528_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D77F5BED-66A1-48F5-B662-A187C1D89E99", "versionEndExcluding": "tlm7.3.275.0-64", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:en7528:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD990C82-4C61-479B-A49F-11A3C0812AC5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241."}, {"lang": "es", "value": "En Boa, existe una posible escalada de privilegios debido a un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria. Esto podr\u00eda conducir a una escalada remota de privilegios por parte de un atacante pr\u00f3ximo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: A20210008; ID del problema: OSBNB00123241."}], "id": "CVE-2021-31578", "lastModified": "2024-11-21T06:05:56.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-06T22:15:09.470", "references": [{"source": "security@mediatek.com", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-acknowledgements"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://corp.mediatek.com/product-security-acknowledgements"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}