Possible Out of Bounds Write Vulnerability in WLAN Service Could Lead to Local Escalation of Privilege
CVE-2024-20017
Currently unrated 🤨
Key Information
- Vendor
- Mediatek, Inc.
- Status
- Mt6890, Mt7915, Mt7916, Mt7981, Mt7986
- Vendor
- CVE Published:
- 4 March 2024
Badges
😄 Trended👾 Exploit Exists🔴 Public PoC
Summary
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.
Affected Version(s)
MT6890, MT7915, MT7916, MT7981, MT7986 = SDK version 7.4.0.1 and before (for MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.