In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893).
The vulnerability results from a lack of bounds checking in the MediaTek Modem IMS Stack, which allows writing beyond the allocated memory area (out of bounds write, CWE-787). An attacker can remotely trigger this vulnerability over the network without requiring privileges or user interaction. Successful exploitation of the vulnerability allows arbitrary code execution at the modem level.
An attacker can remotely execute arbitrary code (RCE) on a vulnerable device without any additional privileges, which may lead to complete compromise of system confidentiality, integrity, and availability.
Apply patch with identifier MOLY01161803 (MSV-893) available in the MediaTek security bulletin from January 2024. Details available at: https://corp.mediatek.com/product-security-bulletin/January-2024
MediaTek LR13, MediaTek NR15, MediaTek NR16, MediaTek NR17, MediaTek MT2735 — devices with vulnerable Modem IMS Stack
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMediatek Lr13
OSMediatekwszystkie wersjeMediatek Mt2735
HWMediatekwszystkie wersjeMediatek Mt6779
HWMediatekwszystkie wersjeMediatek Mt6781
HWMediatekwszystkie wersjeMediatek Mt6783
HWMediatekwszystkie wersjeMediatek Mt6785
HWMediatekwszystkie wersjeMediatek Mt6785t
HWMediatekwszystkie wersjeMediatek Mt6789
HWMediatekwszystkie wersjeMediatek Mt6813
HWMediatekwszystkie wersjeMediatek Mt6833
HWMediatekwszystkie wersjeMediatek Mt6833p
HWMediatekwszystkie wersjeMediatek Mt6835
HWMediatekwszystkie wersjeMediatek Mt6853
HWMediatekwszystkie wersjeMediatek Mt6853t
HWMediatekwszystkie wersjeMediatek Mt6855
HWMediatekwszystkie wersjeMediatek Mt6873
HWMediatekwszystkie wersjeMediatek Mt6875
HWMediatekwszystkie wersjeMediatek Mt6877
HWMediatekwszystkie wersjeMediatek Mt6877t
HWMediatekwszystkie wersjeMediatek Mt6878
HWMediatekwszystkie wersjeMediatek Mt6879
HWMediatekwszystkie wersjeMediatek Mt6880
HWMediatekwszystkie wersjeMediatek Mt6883
HWMediatekwszystkie wersjeMediatek Mt6885
HWMediatekwszystkie wersjeMediatek Mt6886
HWMediatekwszystkie wersjeMediatek Mt6889
HWMediatekwszystkie wersjeMediatek Mt6890
HWMediatekwszystkie wersjeMediatek Mt6891
HWMediatekwszystkie wersjeMediatek Mt6893
HWMediatekwszystkie wersjeMediatek Mt6895
HWMediatekwszystkie wersje
Related vulnerabilities
Out-of-bounds write w sterowniku WLAN AP MediaTek — privilege escalation
Out of bounds write w sterowniku wlan AP — eskalacja uprawnień na układach MediaTek
Out-of-bounds write w sterowniku WLAN AP MediaTek – privilege escalation
Brak weryfikacji uprawnień w sterowniku WLAN AP MediaTek — zdalne eskalowanie przywilejów
RCE w usłudze WLAN MediaTek — błędne sprawdzenie granic zapisu (out of bounds write)