Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in platform/mt6577/external/meta/emmc/meta_clr_emmc.c invokes 'system("/system/bin/rm -r /data/' followed by this filename upon an eMMC clearance from a Meta Mode boot. NOTE: compromise of Fire OS on the Amazon Echo Dot would require a second hypothetical vulnerability that allows creation of the required file under /data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MediaTek Embedded Multimedia Card子系统命令注入漏洞
Vulnerability Description
MediaTek Embedded Multimedia Card (eMMC)子系统存在安全漏洞。攻击者可借助/data下带有shell元字符的文件名利用该漏洞以root用户身份执行任意命令。以下产品及版本受到影响:MT65xx设备;MT66xx设备;MT8163 SoC设备。
CVSS Information
N/A
Vulnerability Type
N/A