← Back

CVE-2024-20017

nvd nist
Published: Mar 4, 2024Modified: May 5, 2025

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.

Affected (4)

Mediatek
1 product
Software Development Kit
Openwrt
1 product
Openwrt
Configuration A
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Software Development Kit
Up to 7.4.0.1
Running on/withPlatform Versions
Mediatek
Mt7622
All versions
Mediatek
Mt7915
All versions
Configuration B
1 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Software Development Kit
Up to 7.6.7.0
Running on/withPlatform Versions
Mediatek
Mt7916
All versions
Mediatek
Mt7981
All versions
Mediatek
Mt7986
All versions
Configuration C
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Openwrt
Openwrt
Version 19.07.0
Openwrt
Version 21.02.0
Running on/withPlatform Versions
Mediatek
Mt6890
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (5)

Source: security@mediatek.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitTechnical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.