CVE-2024-20073

2024-06-0302:04:55

CWE-787

MediaTek

www.cve.org

wlan service

out of bounds write

local escalation

privilege

input validation

system execution

patch id

issue id

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00367704; Issue ID: MSV-1411.

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6890, MT7622",
    "versions": [
      {
        "version": "SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/June-2024