{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-32831","assignerOrgId":"ee979b05-11f8-4f25-a7e0-a1fa9c190374","state":"PUBLISHED","assignerShortName":"MediaTek","dateReserved":"2023-05-16T03:04:32.150Z","datePublished":"2024-01-02T02:50:09.278Z","dateUpdated":"2025-06-18T14:59:42.129Z"},"containers":{"cna":{"providerMetadata":{"orgId":"ee979b05-11f8-4f25-a7e0-a1fa9c190374","shortName":"MediaTek","dateUpdated":"2024-01-02T02:50:09.278Z"},"descriptions":[{"lang":"en","value":"In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868."}],"affected":[{"vendor":"MediaTek, Inc.","product":"MT6890, MT7612, MT7613, MT7615, MT7622, MT7626, MT7629, MT7915, MT7916, MT7981, MT7986","versions":[{"version":"SDK version 7.6.7.1 and before","status":"affected"}]}],"references":[{"url":"https://corp.mediatek.com/product-security-bulletin/January-2024"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Information Disclosure"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T15:25:37.007Z"},"title":"CVE Program Container","references":[{"url":"https://corp.mediatek.com/product-security-bulletin/January-2024","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-330","lang":"en","description":"CWE-330 Use of Insufficiently Random Values"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-01-02T19:59:35.749491Z","id":"CVE-2023-32831","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-18T14:59:42.129Z"}}]}}