In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.
Patch ID: ALPS10607099; Issue ID: MSV-6118.
Attack Parameters
Attack Vector
Physical
Requires physical access
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 44
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Linuxfoundation Yocto
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
|
— | — |
|
Rdkcentral Rdk-B
cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*
|
— | — |
|
Rdkcentral Rdk-B
cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*
|
— | — |
|
Google Android
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
|
— | — |
|
Google Android
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
|
— | — |
|
Google Android
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
|
— | — |
|
Openwrt Openwrt
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
|
— | — |
|
Openwrt Openwrt
cpe:2.3:o:openwrt:openwrt:23.05.0:-:*:*:*:*:*:*
|
— | — |
|
Zephyrproject Zephyr
cpe:2.3:o:zephyrproject:zephyr:3.7.0:-:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt2737
cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6739
cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6761
cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6765
cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6768
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6781
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6789
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6813
cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6833
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6853
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6855
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6877
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6878
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6879
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6880
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6885
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6886
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6890
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6893
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6895
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6897
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6983
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6985
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6989
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6990
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt6993
cpe:2.3:h:mediatek:mt6993:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt8169
cpe:2.3:h:mediatek:mt8169:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt8186
cpe:2.3:h:mediatek:mt8186:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt8188
cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt8370
cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt8390
cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt8676
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt8678
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt8696
cpe:2.3:h:mediatek:mt8696:-:*:*:*:*:*:*:*
|
— | — |
|
Mediatek Mt8793
cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*
|
— | — |