To report a vulnerability, please send us an email. The reported issues usually will be addressed within the next 90 days. Updates will be provided when available, status requests may be ignored2.
| Event ID | CVSS1 | Details | Contributors2 |
|---|---|---|---|
| MVR-2021-2023 | 5.3 | Website directory listing. | Kabeer Saxena (@iTheKabeer) |
| MVR-2021-0022 | 7.5 | Arbitrary denial of service attack. | Yu-Cheng Lin |
| MVR-2021-0020 | 4.3 | Website configuration vulnerability. | Gourab Sadhukhan (@gourab-sadhukhan-71158216a) |
| MVR-2021-0019 | 7.4 | Insecure URI handling. | Prajwal Khante (@khanteprajwal) |
| MVR-2021-0018 | 5.8 | Insecure web form design. | Ayushi Poreddiwar |
| MVR-2021-0017 | 4.3 | Website configuration vulnerability. | Ayushi Poreddiwar |
| MVR-2021-0016 | 3.1 | Insecure cookie configuration. | Amit Kumar |
| MVR-2021-0013 | 6.5 | Website form design flaw. | Ankit Jeetendra Bhanushali |
| MVR-2021-0012 | 4.3 | Website configuration vulnerability. | Pritam Mukherjee (@pritam-mukherjee-urvil) |
| MVR-2021-0011 | 4.3 | Website configuration vulnerability. | Jasmeet Singh (@jasmeetsingh01) |
| MVR-2021-0010 | 4.3 | Website configuration vulnerability. | Akash Rajendra Patil (@skypatil98) |
| MVR-2021-0009 | 3.0 | Website insecure referer handling. | Vikas Srivastava (@007vikaxh) |
| MVR-2021-0008 | 4.3 | Website configuration vulnerability. | Girish Khamkar |
| MVR-2021-0007 | 6.5 | Website CSP bypass. | Zeyad Azima |
| MVR-2021-0005 | 6.6 | Broken authentication and session management. | Ashwin V |
| MVR-2021-0004 | 6.4 | Improper session token handling. | Ashwin V |
| MVR-2021-0003 | 7.5 | Website session hijacking. | Ashwin V |
| MVR-2021-0002 | 4.3 | Website configuration vulnerability. | Sakshi Patil |
| MVR-2020-0003 | 6.8 | Upload filetype limitation bypass. | Anonymous |
| MVR-2020-0002 | 6.1 | Website XSS. | Anonymous |
| MVR-2020-0001 | 5.3 | Web server misconfiguration. | Anonymous |
1Scores were based on Common Vulnerability Scoring System (CVSS).
2Due to company policies, only the name and handle of the researchers are allowed. Other information, including but not limited to hyperlinks and email addresses, which could potentially lead to security, legal, or political issues, were not allowed. Duplicate reports without any previously unknown information will not be acknowledged. Demanding for acknowledgement is subject to disqualification.
All submissions must undergo scrutiny and credits would only be given if they were determined eligible.
MediaTek reserves the right, at its discretion, to change, modify, add, or remove portions of the terms of eligibility or information on this page at any time.