CVE-2022-32664
published 2023-01-03CVE-2022-32664: In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User…
PriorityP351high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
1.17%
63.5th percentile
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mediatek | linkit_software_development_kit | < 7.3.293.0 | 7.3.293.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
MediaTek EN7516/EN7528/EN7529/EN7561/EN7562/EN7580 20220004 Config Manager command injection (EUVD-2022-35730)
vuldb·2026-06-01·CVSS 8.8
CVE-2022-32664 [HIGH] MediaTek EN7516/EN7528/EN7529/EN7561/EN7562/EN7580 20220004 Config Manager command injection (EUVD-2022-35730)
A vulnerability has been found in MediaTek EN7516, EN7528, EN7529, EN7561, EN7562 and EN7580 20220004 and classified as critical. The affected element is an unknown function of the component Config Manager. Performing a manipulation results in command injection.
This vulnerability is identified as CVE-2022-32664. The attack can be initiated remotely. There is not any exploit available.
It is recommended to apply a patch to fix this issue.
GHSA
GHSA-rjqv-25x4-8q76: In Config Manager, there is a possible command injection due to improper input validation
ghsa_unreviewed·2023-01-03
CVE-2022-32664 [HIGH] CWE-77 GHSA-rjqv-25x4-8q76: In Config Manager, there is a possible command injection due to improper input validation
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Patch ID: A20220004; Issue ID: OSBNB00140929.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-01-03
Published