CVE-2023-32831

MEDIUM

Mediatek Software Development Kit < 7.6.7.1 - Information Disclosure

Title source: rule

Description

In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868.

References (1)

[Vendor Advisory] https://corp.mediatek.com/product-security-bulletin/January-2024

Scores

CVSS v3 5.5

EPSS 0.0004

EPSS Percentile 12.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-330

Status published

Products (1)

mediatek/software_development_kit < 7.6.7.1

Published Jan 02, 2024

Tracked Since Feb 18, 2026