Nbiot Sdk
CVE-2022-26437
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831.
AnalysisAI
In httpclient, there is a possible out of bounds write due to uninitialized data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Use of Uninitialized Resource (CWE-908), which allows attackers to access uninitialized memory causing crashes or information disclosure. In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831. Affected products include: Mediatek Nbiot Sdk.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Initialize all variables, use compiler warnings for uninitialized access, use memory-safe languages.
In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local
Out-of-bounds write in Android WLAN STA driver due to missing bounds check allows local privilege escalation to System w
Nbiot Sdk contains a vulnerability that allows attackers to local escalation of privilege with User execution privileges
The Nbiot SDK's wlan STA driver contains a buffer overflow vulnerability due to missing bounds checking that allows priv
An uncaught exception in WLAN AP/STA firmware for NBIoT SDK, OpenWrt, and related development kits enables adjacent netw
In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of s
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of se
In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local d
Same weakness CWE-908 – Use of Uninitialized Resource
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today