CVE-2024-20017: Input Validation
First published: Mon Mar 04 2024(Updated: )
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.
Credit: security@mediatek.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Mediatek Linkit Software Development Kit | <=7.4.0.1 | |
| Any of | ||
| MediaTek MT7622 Firmware | ||
| mediatek mt7915 firmware | ||
| All of | ||
| Mediatek Linkit Software Development Kit | <=7.6.7.0 | |
| Any of | ||
| MediaTek MT7916 Firmware | ||
| MediaTek MT7981 Firmware | ||
| MediaTek MT7986 | ||
| All of | ||
| Any of | ||
| Open edX | =19.07.0 | |
| Open edX | =21.02.0 | |
| MediaTek MT6890 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://corp.mediatek.com/product-security-bulletin/March-2024
- https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html
- https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/
- https://news.ycombinator.com/item?id=41605680
Frequently Asked Questions
What is the severity of CVE-2024-20017?
CVE-2024-20017 is classified as a critical vulnerability due to its potential for remote code execution without any required user interaction.
How do I fix CVE-2024-20017?
To mitigate CVE-2024-20017, it is recommended to apply the security patches identified in the vendor's product security bulletin.
What could be the impact of exploiting CVE-2024-20017?
Exploitation of CVE-2024-20017 could lead to unauthorized remote code execution, allowing attackers to take control of vulnerable devices.
Which devices are affected by CVE-2024-20017?
CVE-2024-20017 affects several MediaTek software development kits and specific firmware versions, particularly those related to wireless technologies.
Is user interaction required for exploiting CVE-2024-20017?
No, exploiting CVE-2024-20017 does not require any user interaction, making it particularly dangerous.
- agent/first-publish-date
- agent/type
- agent/author
- agent/description
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/event
- agent/tags
- vendor/mediatek
- canonical/mediatek linkit software development kit
- version/mediatek linkit software development kit/7.4.0.1
- canonical/mediatek mt7622 firmware
- canonical/mediatek mt7915 firmware
- version/mediatek linkit software development kit/7.6.7.0
- canonical/mediatek mt7916 firmware
- canonical/mediatek mt7981 firmware
- canonical/mediatek mt7986
- vendor/openwrt
- canonical/open edx
- version/open edx/19.07.0
- version/open edx/21.02.0
- canonical/mediatek mt6890