CVE-2024-20004: Input Validation
First published: Mon Feb 05 2024(Updated: )
In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985).
Credit: security@mediatek.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| MediaTek NR15 | ||
| Any of | ||
| MediaTek MT2735 | ||
| MediaTek MT6297 | ||
| MediaTek MT6833 | ||
| MediaTek MT6853 | ||
| MediaTek MT6855 | ||
| MediaTek MT6873 | ||
| MediaTek MT6875T | ||
| MediaTek MT6875T | ||
| MediaTek MT6877 | ||
| MediaTek MT6880 | ||
| MediaTek MT6883 | ||
| MediaTek MT6885 | ||
| MediaTek MT6889 | ||
| MediaTek MT6890 | ||
| MediaTek MT6891 | ||
| MediaTek MT6893 | ||
| MediaTek MT8675 | ||
| MediaTek MT8791 WiFi | ||
| MediaTek MT8791T | ||
| MediaTek MT8797 WiFi |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-20004?
CVE-2024-20004 has been classified as a high severity vulnerability due to its potential to cause remote denial of service.
How do I fix CVE-2024-20004?
To fix CVE-2024-20004, apply the patch identified as MOLY01191612 as soon as possible.
What products are affected by CVE-2024-20004?
CVE-2024-20004 affects MediaTek NR15 based products that have improper input validation.
Can CVE-2024-20004 be exploited without user interaction?
Yes, CVE-2024-20004 can be exploited remotely without any user interaction required.
What causes CVE-2024-20004?
CVE-2024-20004 is caused by improper input validation that leads to a possible system crash.
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/severity
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mediatek
- canonical/mediatek nr15
- canonical/mediatek mt2735
- canonical/mediatek mt6297
- canonical/mediatek mt6833
- canonical/mediatek mt6853
- canonical/mediatek mt6855
- canonical/mediatek mt6873
- canonical/mediatek mt6875t
- canonical/mediatek mt6877
- canonical/mediatek mt6880
- canonical/mediatek mt6883
- canonical/mediatek mt6885
- canonical/mediatek mt6889
- canonical/mediatek mt6890
- canonical/mediatek mt6891
- canonical/mediatek mt6893
- canonical/mediatek mt8675
- canonical/mediatek mt8791 wifi
- canonical/mediatek mt8791t
- canonical/mediatek mt8797 wifi