230
CVEs
2
Critical
119
High
1
KEV
3
PoC
64
Unpatched C/H
52.2%
Patch Rate
0.3%
Avg EPSS
Severity Breakdown
CRITICAL
2
HIGH
119
MEDIUM
103
LOW
6
Monthly CVE Trend
Affected Products (30)
Android
90
Linux Kernel
63
Mt7628 Firmware
20
Mt7629 Firmware
20
Mt7622 Firmware
20
Mt7615 Firmware
20
Mt7915 Firmware
20
Mt7603E Firmware
20
Mt7613 Firmware
20
Mt7620 Firmware
10
Mt7612 Firmware
10
Mt7610 Firmware
9
Debian Linux
5
Note 5 Firmware
3
Mega 5 Firmware
2
Hes 319M2W Firmware
1
Columbia Tl00D Firmware
1
Bm2022 Firmware
1
Nova Firmware
1
Princeton Al10B Firmware
1
Haier G8 Firmware
1
Mt8163 Firmware
1
Solidfire Hci Management Node
1
A4 Firmware
1
Tony Tl00B Firmware
1
Bl5000 Firmware
1
Infinity U965 Firmware
1
Primo G3 Firmware
1
Nova 4 Firmware
1
G100 Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2017-3216 | WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 3.2% | 72 |
PoC
No patch
|
| CVE-2019-15027 | The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 3.2% | 69 |
PoC
No patch
|
| CVE-2016-6492 | The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driver for Linux allows local users to gain privileges via a crafted application that makes an MT6573FDVTIOC_T_SET_FDCONF_CMD IOCTL. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 0.1% | 59 |
PoC
No patch
|
| CVE-2021-35055 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.8 | 1.2% | 44 |
No patch
|
| CVE-2021-37560 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.8 | 1.2% | 44 |
No patch
|
| CVE-2021-37561 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.8 | 1.2% | 44 |
No patch
|
| CVE-2021-37563 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.8 | 1.2% | 44 |
No patch
|
| CVE-2021-37566 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.8 | 1.3% | 44 |
No patch
|
| CVE-2021-37568 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.8 | 1.2% | 44 |
No patch
|
| CVE-2021-37569 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.8 | 1.2% | 44 |
No patch
|
| CVE-2021-37571 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.8 | 1.2% | 44 |
No patch
|
| CVE-2021-37583 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.8 | 1.4% | 44 |
No patch
|
| CVE-2021-37584 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.8 | 1.2% | 44 |
No patch
|
| CVE-2017-0505 | An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. | HIGH | 7.8 | 3.8% | 43 |
|
| CVE-2015-6637 | The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available. | HIGH | 7.8 | 0.1% | 39 |
No patch
|