Lucene search

MediaTekCVELIST:CVE-2024-20017

HistoryMar 04, 2024 - 2:43 a.m.

CVE-2024-20017

2024-03-0402:43:22

MediaTek

www.cve.org

wlan service

out of bounds write

remote code execution

input validation

patch id

issue id

user interaction

AI Score

7.8

Confidence

High

EPSS

Percentile

9.0%

JSON

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6890, MT7915, MT7916, MT7981, MT7986",
    "versions": [
      {
        "version": "SDK version 7.4.0.1 and before (for MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/March-2024