CVE-2022-32654 [Medium] | Security Vulnerability in Mt5221 Firmware

In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-02-24	0.10%	0.16%	+0.06%
2	2025-03-17	0.04%	0.10%	+0.06%
3	2023-03-07	—	0.04%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-02-24

0.10%

0.16%

+0.06%

2025-03-17

0.04%

0.10%

+0.06%

2023-03-07

—

0.04%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
6.7	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:H) They need powerful rights—admin, root, or similar—before this pays off. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	0.8	5.9	[email protected]
6.7	3.1	MEDIUM	`CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:H) They need powerful rights—admin, root, or similar—before this pays off. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	0.8	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

6.7

3.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H): They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

0.8

5.9

[email protected]

6.7

3.1

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L): Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H): They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

0.8

5.9

134c704f-9b21-4f2e-91b3-4a467353bcc0

Affected software / configurations for CVE-2022-32654

Vendor	Product	Version	Raw CPE
mediatek	mt5221_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt5221_firmware:7.6.6.0:::::::*
mediatek	mt7603_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7603_firmware:7.6.6.0:::::::*
mediatek	mt7613_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7613_firmware:7.6.6.0:::::::*
mediatek	mt7615_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7615_firmware:7.6.6.0:::::::*
mediatek	mt7622_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7622_firmware:7.6.6.0:::::::*
mediatek	mt7628_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7628_firmware:7.6.6.0:::::::*
mediatek	mt7629_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7629_firmware:7.6.6.0:::::::*
mediatek	mt7663_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7663_firmware:7.6.6.0:::::::*
mediatek	mt7668_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7668_firmware:7.6.6.0:::::::*
mediatek	mt7682_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7682_firmware:7.6.6.0:::::::*
mediatek	mt7686_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7686_firmware:7.6.6.0:::::::*
mediatek	mt7687_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7687_firmware:7.6.6.0:::::::*
mediatek	mt7697_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7697_firmware:7.6.6.0:::::::*
mediatek	mt7902_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7902_firmware:7.6.6.0:::::::*
mediatek	mt7915_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7915_firmware:7.6.6.0:::::::*
mediatek	mt7916_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7916_firmware:7.6.6.0:::::::*
mediatek	mt7921_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7921_firmware:7.6.6.0:::::::*
mediatek	mt7933_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7933_firmware:7.6.6.0:::::::*
mediatek	mt7981_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7981_firmware:7.6.6.0:::::::*
mediatek	mt7986_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt7986_firmware:7.6.6.0:::::::*
mediatek	mt8167s_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt8167s_firmware:7.6.6.0:::::::*
mediatek	mt8175_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt8175_firmware:7.6.6.0:::::::*
mediatek	mt8362a_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt8362a_firmware:7.6.6.0:::::::*
mediatek	mt8365_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt8365_firmware:7.6.6.0:::::::*
mediatek	mt8385_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt8385_firmware:7.6.6.0:::::::*
mediatek	mt8518s_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt8518s_firmware:7.6.6.0:::::::*
mediatek	mt8532_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt8532_firmware:7.6.6.0:::::::*
mediatek	mt8695_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt8695_firmware:7.6.6.0:::::::*
mediatek	mt8696_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt8696_firmware:7.6.6.0:::::::*
mediatek	mt8788_firmware	7.6.6.0	cpe:2.3:o:mediatek:mt8788_firmware:7.6.6.0:::::::*

References for CVE-2022-32654

URL	Tags
https://corp.mediatek.com/product-security-bulletin/February-2023	Vendor Advisory

URL

CVE-2022-32654

Exploit prediction scoring system (EPSS) score for CVE-2022-32654

Common vulnerability scoring system (CVSS) metrics for CVE-2022-32654

Weakness enumeration for CVE-2022-32654

Affected software / configurations for CVE-2022-32654

References for CVE-2022-32654