To report a vulnerability, please send us an email. The reported issues usually will be addressed within the next 90 days. Updates will be provided when available, status requests may be ignored2.
| Event ID | CVSS1 | Details | Contributors2 |
|---|---|---|---|
| MVR-2021-0036 | 7.4 | Web service without access control. | ZW Cai (@x43x61x69) |
| MVR-2021-0035 | 5.9 | Potential subdomain takeover. | Shoeb Raseed Shaikh (@official_shoeb) |
| MVR-2021-0034 | 7.5 | Web server misconfiguration. | Blacksolo (@MBlacksolo) |
| MVR-2021-0033 | 9.8 | Web services RCE. | RedTeam@ISO from VNG Corporation |
| MVR-2021-0032 | 4.3 | Website configuration vulnerability. | Santosh Bobade (@Santosh88267387) |
| MVR-2021-0031 | 9.8 | Web services RCE. | Tuan Anh Nguyen (@haxor31337) |
| MVR-2021-0030 | 9.1 | Web services unauthenticated arbitrary file deletion. | Raisul Islam Reyad (@m4m4r4i5ul) |
| MVR-2021-0029 | 7.5 | Web services read-only path traversal. | Raisul Islam Reyad (@m4m4r4i5ul) |
| MVR-2021-0028 | 5.3 | Website directory listing. | Aswin Krishna (@733n_wolf) |
| MVR-2021-0027 | 5.3 | Website Improper error handling | Siddhesh Sonje |
| MVR-2021-0026 | 7.5 | Web form security measure bypass. | Anmol K Sachan (@FR13ND0x7F) |
| MVR-2021-0025 | 3.1 | Web server misconfiguration. | Ravindra Dagale |
| MVR-2021-0024 | 5.3 | Web server misconfiguration. | Siddhesh Sonje |
| MVR-2021-2023 | 5.3 | Website directory listing. | Kabeer Saxena (@iTheKabeer) |
| MVR-2021-0022 | 7.5 | Arbitrary denial of service attack. | Yu-Cheng Lin |
| MVR-2021-0020 | 4.3 | Website configuration vulnerability. | Gourab Sadhukhan (@gourab-sadhukhan-71158216a) |
| MVR-2021-0019 | 7.4 | Insecure URI handling. | Prajwal Khante (@khanteprajwal) |
| MVR-2021-0018 | 5.8 | Insecure web form design. | Ayushi Poreddiwar |
| MVR-2021-0017 | 4.3 | Website configuration vulnerability. | Ayushi Poreddiwar |
| MVR-2021-0016 | 3.1 | Insecure cookie configuration. | Amit Kumar |
| MVR-2021-0013 | 6.5 | Website form design flaw. | Ankit Jeetendra Bhanushali |
| MVR-2021-0012 | 4.3 | Website configuration vulnerability. | Pritam Mukherjee (@pritam-mukherjee-urvil) |
| MVR-2021-0011 | 4.3 | Website configuration vulnerability. | Jasmeet Singh (@jasmeetsingh01) |
| MVR-2021-0010 | 4.3 | Website configuration vulnerability. | Akash Rajendra Patil (@skypatil98) |
| MVR-2021-0009 | 3.0 | Website insecure referer handling. | Vikas Srivastava (@007vikaxh) |
| MVR-2021-0008 | 4.3 | Website configuration vulnerability. | Girish Khamkar |
| MVR-2021-0007 | 6.5 | Website CSP bypass. | Zeyad Azima |
| MVR-2021-0006 | 6.5 | Improper authentication scope and website configuration vulnerability. | ZW Cai (@x43x61x69) |
| MVR-2021-0005 | 6.6 | Broken authentication and session management. | Ashwin V |
| MVR-2021-0004 | 6.4 | Improper session token handling. | Ashwin V |
| MVR-2021-0003 | 7.5 | Website session hijacking. | Ashwin V |
| MVR-2021-0002 | 4.3 | Website configuration vulnerability. | Sakshi Patil |
| MVR-2020-0003 | 6.8 | Upload filetype limitation bypass. | Anonymous |
| MVR-2020-0002 | 6.1 | Website XSS. | Anonymous |
| MVR-2020-0001 | 5.3 | Web server misconfiguration. | Anonymous |
1Scores were based on Common Vulnerability Scoring System (CVSS).
2Due to company policies, only the name and handle of the researchers are allowed. Other information, including but not limited to hyperlinks and email addresses, which could potentially lead to security, legal, or political issues, were not allowed. Duplicate reports without any previously unknown information will not be acknowledged. Demanding for acknowledgement is subject to disqualification.
All submissions must undergo scrutiny and credits would only be given if they were determined eligible.
MediaTek reserves the right, at its discretion, to change, modify, add, or remove portions of the terms of eligibility or information on this page at any time.