IT Security Acknowledgements

The MediaTek Security Team would like to thank the following people and parties for making a responsible disclosure to us and helping to improve MediaTek security.

To report a vulnerability, please send us an email. Reported issues will usually be addressed within the next 90 days. Updates will be provided when available; status requests may be ignored [2].

| Event ID | CVSS [1] | Details | Contributors [2] |
|---|---|---|---|
| MVR-2021-2023 | 5.3 | Website directory listing. | Kabeer Saxena (@iTheKabeer) |
| MVR-2021-0022 | 7.5 | Arbitrary denial of service attack. | Yu-Cheng Lin |
| MVR-2021-0020 | 4.3 | Website configuration vulnerability. | Gourab Sadhukhan (@gourab-sadhukhan-71158216a) |
| MVR-2021-0019 | 7.4 | Insecure URI handling. | Prajwal Khante (@khanteprajwal) |
| MVR-2021-0018 | 5.8 | Insecure web form design. | Ayushi Poreddiwar |
| MVR-2021-0017 | 4.3 | Website configuration vulnerability. | Ayushi Poreddiwar |
| MVR-2021-0016 | 3.1 | Insecure cookie configuration. | Amit Kumar |
| MVR-2021-0013 | 6.5 | Website form design flaw. | Ankit Jeetendra Bhanushali |
| MVR-2021-0012 | 4.3 | Website configuration vulnerability. | Pritam Mukherjee (@pritam-mukherjee-urvil) |
| MVR-2021-0011 | 4.3 | Website configuration vulnerability. | Jasmeet Singh (@jasmeetsingh01) |
| MVR-2021-0010 | 4.3 | Website configuration vulnerability. | Akash Rajendra Patil (@skypatil98) |
| MVR-2021-0009 | 3.0 | Website insecure referer handling. | Vikas Srivastava (@007vikaxh) |
| MVR-2021-0008 | 4.3 | Website configuration vulnerability. | Girish Khamkar |
| MVR-2021-0007 | 6.5 | Website CSP bypass. | Zeyad Azima |
| MVR-2021-0005 | 6.6 | Broken authentication and session management. | Ashwin V |
| MVR-2021-0004 | 6.4 | Improper session token handling. | Ashwin V |
| MVR-2021-0003 | 7.5 | Website session hijacking. | Ashwin V |
| MVR-2021-0002 | 4.3 | Website configuration vulnerability. | Sakshi Patil |
| MVR-2020-0003 | 6.8 | Upload filetype limitation bypass. | Anonymous |
| MVR-2020-0002 | 6.1 | Website XSS. | Anonymous |
| MVR-2020-0001 | 5.3 | Web server misconfiguration. | Anonymous |


[1] Scores were based on Common Vulnerability Scoring System (CVSS).

[2] Due to company policies, only the name and handle of the researchers are allowed. Other information, including but not limited to hyperlinks and email addresses, which could potentially lead to security, legal, or political issues, is not allowed. Duplicate reports without any previously unknown information will not be acknowledged. Demanding acknowledgement is subject to disqualification.

All submissions must undergo scrutiny and credits would only be given if they were determined eligible.
MediaTek reserves the right, at its discretion, to change, modify, add, or remove portions of the terms of eligibility or information on this page at any time.