IT Security Acknowledgements

The MediaTek Security Team would like to thank the following people and parties for making a responsible disclosure to us and helping to improve MediaTek security.

To report a vulnerability, please send us an email. Reported issues will usually be addressed within the next 90 days. Updates will be provided when available; status requests may be ignored.²

| Event ID | CVSS¹ | Details | Contributors² |
|---|---|---|---|
| MVR-2021-0036 | 7.4 | Web service without access control. | ZW Cai |
| MVR-2021-0035 | 5.9 | Potential subdomain takeover. | Shoeb Raseed Shaikh |
| MVR-2021-0034 | 7.5 | Web server misconfiguration. | Blacksolo |
| MVR-2021-0033 | 9.8 | Web services RCE. | RedTeam@ISO from VNG Corporation |
| MVR-2021-0032 | 4.3 | Website configuration vulnerability. | Santosh Bobade |
| MVR-2021-0031 | 9.8 | Web services RCE. | Tuan Anh Nguyen |
| MVR-2021-0030 | 9.1 | Web services unauthenticated arbitrary file deletion. | Raisul Islam Reyad |
| MVR-2021-0029 | 7.5 | Web services read-only path traversal. | Raisul Islam Reyad |
| MVR-2021-0028 | 5.3 | Website directory listing. | Aswin Krishna |
| MVR-2021-0027 | 5.3 | Website Improper error handling. | Siddhesh Sonje |
| MVR-2021-0026 | 7.5 | Web form security measure bypass. | Anmol K Sachan |
| MVR-2021-0025 | 3.1 | Web server misconfiguration. | Ravindra Dagale |
| MVR-2021-0024 | 5.3 | Web server misconfiguration. | Siddhesh Sonje |
| MVR-2021-2023 | 5.3 | Website directory listing. | Kabeer Saxena |
| MVR-2021-0022 | 7.5 | Arbitrary denial of service attack. | Yu-Cheng Lin |
| MVR-2021-0020 | 4.3 | Website configuration vulnerability. | Gourab Sadhukhan |
| MVR-2021-0019 | 7.4 | Insecure URI handling. | Prajwal Khante |
| MVR-2021-0018 | 5.8 | Insecure web form design. | Ayushi Poreddiwar |
| MVR-2021-0017 | 4.3 | Website configuration vulnerability. | Ayushi Poreddiwar |
| MVR-2021-0016 | 3.1 | Insecure cookie configuration. | Amit Kumar |
| MVR-2021-0013 | 6.5 | Website form design flaw. | Ankit Jeetendra Bhanushali |
| MVR-2021-0012 | 4.3 | Website configuration vulnerability. | Pritam Mukherjee |
| MVR-2021-0011 | 4.3 | Website configuration vulnerability. | Jasmeet Singh |
| MVR-2021-0010 | 4.3 | Website configuration vulnerability. | Akash Rajendra Patil |
| MVR-2021-0009 | 3.0 | Website insecure referer handling. | Vikas Srivastava |
| MVR-2021-0008 | 4.3 | Website configuration vulnerability. | Girish Khamkar |
| MVR-2021-0007 | 6.5 | Website CSP bypass. | Zeyad Azima |
| MVR-2021-0006 | 6.5 | Improper authentication scope and website configuration vulnerability. | ZW Cai |
| MVR-2021-0005 | 6.6 | Broken authentication and session management. | Ashwin V |
| MVR-2021-0004 | 6.4 | Improper session token handling. | Ashwin V |
| MVR-2021-0003 | 7.5 | Website session hijacking. | Ashwin V |
| MVR-2021-0002 | 4.3 | Website configuration vulnerability. | Sakshi Patil |
| MVR-2020-0003 | 6.8 | Upload filetype limitation bypass. | Anonymous |
| MVR-2020-0002 | 6.1 | Website XSS. | Anonymous |
| MVR-2020-0001 | 5.3 | Web server misconfiguration. | Anonymous |

¹ Scores were based on the Common Vulnerability Scoring System (CVSS).

² Due to company policies, only the name and handle of the researchers are allowed. Other information, including but not limited to hyperlinks and email addresses, which could potentially lead to security, legal, or political issues, is not allowed. Duplicate reports without any previously unknown information will not be acknowledged. Demanding acknowledgement is subject to disqualification.

All submissions must undergo scrutiny, and credit will be given only if they are determined to be eligible.
MediaTek reserves the right, at its discretion, to change, modify, add, or remove portions of the terms of eligibility or information on this page at any time.