Skip to main content

Mediatek

230 CVEs vendor

Monthly

CVE-2020-25280 MEDIUM This Month

An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Mediatek Information Disclosure Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2020-12465 MEDIUM PATCH This Month

An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Mediatek Linux Kernel Active Iq Unified Manager +7
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-0069 HIGH KEV THREAT This Week

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Mediatek Buffer Overflow Privilege Escalation Memory Corruption Google +29
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-15425 LOW Monitor

The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek M4S Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15424 LOW Monitor

The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek Bl5000 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15423 LOW Monitor

The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek Blueboo S1 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15422 LOW Monitor

The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek Mix Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15421 LOW Monitor

The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek Bv7000 Pro Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15420 LOW Monitor

The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek Bv9000Pro F Firmware
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2019-15386 MEDIUM This Month

The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Mediatek Google Z60S Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2019-15385 MEDIUM This Month

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Note 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15384 MEDIUM This Month

The Elephone A4 Android device with a build fingerprint of Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure A4 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15383 MEDIUM This Month

The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O11019/1522468763:userdebug/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Soul X5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15382 MEDIUM This Month

The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1527060122:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Nova Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15381 MEDIUM This Month

The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure 5515L Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15380 MEDIUM This Month

The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Photo Pro Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15379 MEDIUM This Month

The Walton Primo G3 Android device with a build fingerprint of WALTON/Primo_GM3/Primo_GM3:8.1.0/O11019/1522737198:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Primo G3 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15378 MEDIUM This Month

The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Eluga Ray 600 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15377 MEDIUM This Month

The Cherry Flare S7 Android device with a build fingerprint of Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys contains a pre-installed app with a package name. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Flare S7 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15376 MEDIUM This Month

The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Eluga Ray 530 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15375 MEDIUM This Month

The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure G8 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15374 MEDIUM This Month

The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Iris 88 Lite Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15373 MEDIUM This Month

The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure I95 Lite Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15372 MEDIUM This Month

The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Infinity F17 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15371 MEDIUM This Month

The Symphony G100 Android device with a build fingerprint of Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure G100 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15370 MEDIUM This Month

The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1526527761:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Haier G8 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15369 MEDIUM This Month

The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Z61 Turbo Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15368 MEDIUM This Month

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Mega 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15367 MEDIUM This Month

The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure P10 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15366 MEDIUM This Month

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Note 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15365 MEDIUM This Month

The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Z92 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15364 MEDIUM This Month

The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Bl250 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15363 MEDIUM This Month

The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Power 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15362 MEDIUM This Month

The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Iris 88 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15361 MEDIUM This Month

The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Note 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15360 MEDIUM This Month

The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Infinity U965 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15359 MEDIUM This Month

The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure A6 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15358 MEDIUM This Month

The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Z250 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15357 MEDIUM This Month

The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure I6A Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15356 MEDIUM This Month

The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Flair Z1 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15355 MEDIUM This Month

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Camon Iclick Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15354 MEDIUM This Month

The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Armor 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15353 MEDIUM This Month

The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure N3C Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15352 MEDIUM This Month

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Mega 5 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2019-15027 CRITICAL POC Act Now

The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mediatek Command Injection Mt8163 Firmware Mt6625 Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-12041 HIGH This Week

An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mediatek Awus036Nh Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2017-13173 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek system server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-13172 HIGH This Week

An elevation of privilege vulnerability in the MediaTek bluetooth driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-13171 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek performance service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-13170 HIGH This Week

An elevation of privilege vulnerability in the MediaTek display driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0865 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek soc driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0864 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0843 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek ccci. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0827 HIGH This Week

An elevation of privilege vulnerability in the MediaTek soc driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0804 HIGH This Week

A elevation of privilege vulnerability in the MediaTek mmc driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0803 HIGH This Week

A elevation of privilege vulnerability in the MediaTek accessory detector driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0802 HIGH This Week

A elevation of privilege vulnerability in the MediaTek kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0801 HIGH This Week

A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0800 HIGH This Week

A elevation of privilege vulnerability in the MediaTek teei. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0799 HIGH This Week

A elevation of privilege vulnerability in the MediaTek lastbus. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0798 HIGH This Week

A elevation of privilege vulnerability in the MediaTek kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0797 HIGH This Week

A elevation of privilege vulnerability in the MediaTek accessory detector driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0796 HIGH This Week

A elevation of privilege vulnerability in the MediaTek auxadc driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0795 HIGH This Week

A elevation of privilege vulnerability in the MediaTek accessory detector driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0742 HIGH This Week

A elevation of privilege vulnerability in the MediaTek video driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0741 HIGH This Week

A elevation of privilege vulnerability in the MediaTek gpu driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0711 HIGH This Week

A elevation of privilege vulnerability in the MediaTek networking driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-3216 CRITICAL POC Act Now

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mediatek Authentication Bypass Ox350 Firmware Bm2022 Firmware Hes 309M Firmware +11
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2017-0649 HIGH This Week

An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-0636 HIGH This Week

An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-0625 MEDIUM PATCH This Month

An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0618 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-0617 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-0616 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2017-0615 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-10282 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Privilege Escalation Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-10281 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Privilege Escalation Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-10280 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Privilege Escalation Android
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-10274 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Mediatek Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-0566 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-0565 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-0562 HIGH This Week

An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0532 MEDIUM PATCH This Month

An information disclosure vulnerability in the MediaTek video codec driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-0529 MEDIUM PATCH This Month

An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Mediatek Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0522 HIGH PATCH This Week

An elevation of privilege vulnerability in a MediaTek APK could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0517 HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek hardware sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-0506 HIGH PATCH This Week

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0505 HIGH PATCH This Week

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.8
EPSS
3.8%
CVE-2017-0504 HIGH PATCH This Week

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0503 HIGH PATCH This Week

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Mediatek Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
EPSS 0% CVSS 6.8
MEDIUM This Month

An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Mediatek +9
NVD GitHub
EPSS 1% CVSS 7.8
HIGH KEV THREAT This Week

In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Mediatek Buffer Overflow Privilege Escalation +31
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Google Mediatek +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Lava Z60s Android device with a build fingerprint of LAVA/Z60s/Z60s:8.1.0/O11019/1530331229:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Mediatek Google +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633B/Infinix-X604_sprout:8.1.0/O11019/L-IN-180206V64:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Elephone A4 Android device with a build fingerprint of Elephone/A4/A4:8.1.0/O11019/20180530.143559:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Allview X5 Android device with a build fingerprint of ALLVIEW/X5_Soul_Mini/X5_Soul_Mini:8.1.0/O11019/1522468763:userdebug/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Cubot Nova Android device with a build fingerprint of CUBOT/CUBOT_NOVA/CUBOT_NOVA:8.1.0/O11019/1527060122:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The BQ 5515L Android device with a build fingerprint of BQru/BQru-5515L/BQru-5515L:8.1.0/O11019/20180409.195525:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Fly Photo Pro Android device with a build fingerprint of Fly/PhotoPro/Photo_Pro:8.1.0/O11019/1528117003:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Walton Primo G3 Android device with a build fingerprint of WALTON/Primo_GM3/Primo_GM3:8.1.0/O11019/1522737198:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Cherry Flare S7 Android device with a build fingerprint of Cherry_Mobile/Flare_S7_Deluxe/Flare_S7_Deluxe:8.1.0/O11019/1533920920:user/release-keys contains a pre-installed app with a package name. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Panasonic Eluga Ray 530 Android device with a build fingerprint of Panasonic/ELUGA_Ray_530/ELUGA_Ray_530:8.1.0/O11019/1531828974:user/release-keys contains a pre-installed app with a package name. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1522294799:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Hisense F17 Android device with a build fingerprint of Hisense/F17_4G/HS6739MT:8.1.0/O11019/Hisense_F17_4G_00_S01:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Symphony G100 Android device with a build fingerprint of Symphony/G100/G100:8.1.0/O11019/1530618779:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Haier G8 Android device with a build fingerprint of Haier/HM-G559-FL/G8:8.1.0/O11019/1526527761:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Lava Z61 Turbo Android device with a build fingerprint of LAVA/Z61_Turbo/Z61_Turbo:8.1.0/O11019/1536917928:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Haier P10 Android device with a build fingerprint of Haier/P10/P10:8.1.0/O11019/1532662449:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Infinix Note 5 Android device with a build fingerprint of Infinix/H633IJL/Infinix-X604_sprout:8.1.0/O11019/IJL-180531V181:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Lava Z92 Android device with a build fingerprint of LAVA/Z92/Z92:8.1.0/O11019/1535088037:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Dexp BL250 Android device with a build fingerprint of DEXP/BL250/BL250:8.1.0/O11019/1530858027:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Leagoo Power 5 Android device with a build fingerprint of LEAGOO/Power_5/Power_5:8.1.0/O11019/1532686195:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Infinix Note 5 Android device with a build fingerprint of Infinix/H632C/Infinix-X605_sprout:8.1.0/O11019/CE-180914V59:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Hisense U965 Android device with a build fingerprint of Hisense/U965_4G_10/HS6739MT:8.1.0/O11019/Hisense_U965_4G_10_S01:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Dexp Z250 Android device with a build fingerprint of DEXP/Z250/Z250:8.1.0/O11019/1531130719:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Advan i6A Android device with a build fingerprint of ADVAN/i6A/i6A:8.1.0/O11019/1523602705:userdebug/test-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Tecno Camon iClick Android device with a build fingerprint of TECNO/H633/TECNO-IN6:8.1.0/O11019/A-180409V96:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/Ulefone_Armor_5/Ulefone_Armor_5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mediatek Command Injection +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mediatek Awus036Nh Firmware
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek system server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An elevation of privilege vulnerability in the MediaTek bluetooth driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek performance service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An elevation of privilege vulnerability in the MediaTek display driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek soc driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek ccci. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An elevation of privilege vulnerability in the MediaTek soc driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the MediaTek mmc driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the MediaTek accessory detector driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the MediaTek kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the MediaTek teei. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the MediaTek lastbus. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the MediaTek kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the MediaTek accessory detector driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the MediaTek auxadc driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the MediaTek accessory detector driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the MediaTek video driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the MediaTek gpu driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the MediaTek networking driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mediatek Information Disclosure +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mediatek Authentication Bypass Ox350 Firmware +13
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Google Mediatek +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

RCE Google Mediatek +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Mediatek +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Google Mediatek +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An information disclosure vulnerability in the MediaTek video codec driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Mediatek Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability in a MediaTek APK could enable a local malicious application to execute arbitrary code within the context of a privileged process. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Mediatek +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

An elevation of privilege vulnerability in the MediaTek hardware sensor driver could enable a local malicious application to execute arbitrary code within the context of the kernel. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Google Mediatek +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Mediatek +1
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Mediatek +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Mediatek +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Google Mediatek +1
NVD
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy