CVE-2023-32831

Published: Jan 2, 2024Modified: Jun 18, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868.

Affected (1)

Products: Mediatek: Software Development Kit

Mediatek

1 product

Software Development Kit

Configuration A

1 vulnerable · 11 platform

Vulnerable Software	Affected Versions
Mediatek Software Development Kit	Up to 7.6.7.1

Running on/with	Platform Versions
Mediatek Mt6890	All versions
Mediatek Mt7612	All versions
Mediatek Mt7613	All versions
Mediatek Mt7615	All versions
Mediatek Mt7622	All versions
Mediatek Mt7626	All versions
Mediatek Mt7629	All versions
Mediatek Mt7915	All versions
Mediatek Mt7916	All versions
Mediatek Mt7981	All versions
Mediatek Mt7986	All versions

Related CWEs

CWE-330

Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (2)

https://corp.mediatek.com/product-security-bulletin/January-2024

Source: security@mediatek.com

Vendor Advisory

https://corp.mediatek.com/product-security-bulletin/January-2024

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.