IT Security Acknowledgements

The MediaTek Security Team would like to thank the following people and parties for making a responsible disclosure to us and helping to improve MediaTek security.

To report a vulnerability, please send us an email. Reported issues will usually be addressed within the next 90 days. Updates will be provided when available; status requests may be ignored².

| Event ID | CVSS¹ | Details | Contributors² |
|---|---|---|---|
| MVR-2021-0051 | 3.1 | Website XSS. | John Fiel Brosas |
| MVR-2021-0050 | 8.8 | Web service arbitrary access origin. | ZW Cai |
| MVR-2021-0049 | 4.3 | Web server arbitrary debug message. | RAAJESH G |
| MVR-2021-0047 | 7.5 | Website XSS. | Nam HaBach |
| MVR-2021-0046 | 9.8 | Website SQL injection. | Nam HaBach |
| MVR-2021-0045 | 6.6 | Insecure URI handling. | ZW Cai |
| MVR-2021-0044 | 6.6 | Insecure URI handling. | Yu-Cheng Lin |
| MVR-2021-0043 | 6.8 | Potential sub-domain takeover. | Chirag Naresh Soni |
| MVR-2021-0041 | 3.5 | (Subsidiary) Website improper form validation. | Nitin Gavhane |
| MVR-2021-0040 | 5.3 | Web API improper access control. | Santosh Bobade |
| MVR-2021-0039 | 5.3 | (Subsidiary) Website potential DoS. | Nitin Gavhane |
| MVR-2021-0038 | 5.3 | (Subsidiary) Insecure website policy. | Nitin Gavhane |
| MVR-2021-0037 | 6.5 | 3rd-party services improper access control. | Mohammed Israil |
| MVR-2021-0036 | 7.4 | Web service without access control. | ZW Cai |
| MVR-2021-0035 | 5.9 | Potential subdomain takeover. | Shoeb Raseed Shaikh |
| MVR-2021-0034 | 7.5 | Web server misconfiguration. | Blacksolo |
| MVR-2021-0033 | 9.8 | Web services RCE. | RedTeam@ISO from VNG Corporation |
| MVR-2021-0032 | 4.3 | Website configuration vulnerability. | Santosh Bobade |
| MVR-2021-0031 | 9.8 | Web services RCE. | Tuan Anh Nguyen |
| MVR-2021-0030 | 9.1 | Web services unauthenticated arbitrary file deletion. | Raisul Islam Reyad |
| MVR-2021-0029 | 7.5 | Web services read-only path traversal. | Raisul Islam Reyad |
| MVR-2021-0028 | 5.3 | Website directory listing. | Aswin Krishna |
| MVR-2021-0027 | 5.3 | Website improper error handling. | Siddhesh Sonje |
| MVR-2021-0026 | 7.5 | Web form security measure bypass. | Anmol K Sachan |
| MVR-2021-0025 | 3.1 | Web server misconfiguration. | Ravindra Dagale |
| MVR-2021-0024 | 5.3 | Web server misconfiguration. | Siddhesh Sonje |
| MVR-2021-2023 | 5.3 | Website directory listing. | Kabeer Saxena |
| MVR-2021-0022 | 7.5 | Arbitrary denial of service attack. | Yu-Cheng Lin |
| MVR-2021-0021 | 5.3 | Website user enumeration. | Gourab Sadhukhan |
| MVR-2021-0020 | 4.3 | Website configuration vulnerability. | Gourab Sadhukhan |
| MVR-2021-0019 | 7.4 | Insecure URI handling. | Prajwal Khante |
| MVR-2021-0018 | 5.8 | Insecure web form design. | Ayushi Poreddiwar |
| MVR-2021-0017 | 4.3 | Website configuration vulnerability. | Ayushi Poreddiwar |
| MVR-2021-0016 | 3.1 | Insecure cookie configuration. | Amit Kumar |
| MVR-2021-0015 | 4.3 | Website configuration vulnerability. | ZW Cai |
| MVR-2021-0014 | 5.5 | Insecure session handling. | VIVEK PANDAY |
| MVR-2021-0013 | 6.5 | Website form design flaw. | Ankit Jeetendra Bhanushali |
| MVR-2021-0012 | 4.3 | Website configuration vulnerability. | Pritam Mukherjee |
| MVR-2021-0011 | 4.3 | Website configuration vulnerability. | Jasmeet Singh |
| MVR-2021-0010 | 4.3 | Website configuration vulnerability. | Akash Rajendra Patil |
| MVR-2021-0009 | 3.0 | Website insecure referer handling. | Vikas Srivastava |
| MVR-2021-0008 | 4.3 | Website configuration vulnerability. | Girish Khamkar |
| MVR-2021-0007 | 6.5 | Website CSP bypass. | Zeyad Azima |
| MVR-2021-0006 | 6.5 | Improper authentication scope and website configuration vulnerability. | ZW Cai |
| MVR-2021-0005 | 6.6 | Broken authentication and session management. | Ashwin V |
| MVR-2021-0004 | 6.4 | Improper session token handling. | Ashwin V |
| MVR-2021-0003 | 7.5 | Website session hijacking. | Ashwin V |
| MVR-2021-0002 | 4.3 | Website configuration vulnerability. | Sakshi Patil |
| MVR-2020-0003 | 6.8 | Upload filetype limitation bypass. | Anonymous |
| MVR-2020-0002 | 6.1 | Website XSS. | Alan Abhilash |
| MVR-2020-0001 | 5.3 | Web server misconfiguration. | Anonymous |

¹ Scores were based on Common Vulnerability Scoring System (CVSS).

² Due to company policies, only the name and handle of the researchers are allowed. Other information, including but not limited to hyperlinks and email addresses, which could potentially lead to security, legal, or political issues, is not allowed. Duplicate reports without any previously unknown information will not be acknowledged. Demanding acknowledgement is subject to disqualification.

All submissions must undergo scrutiny, and credit will be given only if they are determined eligible.
MediaTek reserves the right, at its discretion, to change, modify, add, or remove portions of the terms of eligibility or information on this page at any time.