VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 2, 2024· Updated Jun 18, 2025

CVE-2023-32831

CVE-2023-32831

Description

In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Insufficient randomness in MediaTek wlan driver PIN generation allows local attackers to crack the PIN, leading to information disclosure.

Vulnerability

The wlan driver on affected MediaTek chipsets uses insufficiently random values when generating PINs. This vulnerability (CVE-2023-32831) allows an attacker to predict or brute-force the PIN. The issue is present in the wlan driver code and affects multiple chipsets as listed in the MediaTek January 2024 security bulletin [1]. The patch ID is WCNCR00325055.

Exploitation

An attacker with local access to the device (no execution privileges required) can exploit this vulnerability without any user interaction. By observing or intercepting the PIN generation process, the attacker can leverage the weak randomness to crack the PIN.

Impact

Successful exploitation leads to local information disclosure. The attacker can obtain the PIN, potentially compromising Wi-Fi credentials or other sensitive data protected by the PIN.

Mitigation

MediaTek has released a security patch in the January 2024 bulletin [1]. Device OEMs have been notified and are expected to deploy the fix. Users should apply the latest firmware updates from their device manufacturer.

References
  1. January 2024

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Qualcomm/WLAN driverllm-fuzzy
  • MediaTek, Inc./MT6890, MT7612, MT7613, MT7615, MT7622, MT7626, MT7629, MT7915, MT7916, MT7981, MT7986v5
    Range: SDK version 7.6.7.1 and before

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.