CVE-2021-40148
HIGHMediaTek L9 LR11 LR12 LR12A LR13 NR15 - Cleartext Transmission of Sensitive Information
Title source: llmDescription
In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://corp.mediatek.com/product-security-bulletin/January-2022
Scores
CVSS v3
7.5
EPSS
0.0020
EPSS Percentile
42.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
Status
published
Products (6)
mediatek/l9
mediatek/lr11
mediatek/lr12
mediatek/lr12a
mediatek/lr13
mediatek/nr15
Published
Jan 04, 2022
Tracked Since
Feb 18, 2026