Possible Out of Bounds Write Vulnerability in WLAN Service Could Lead to Local Escalation of Privilege

CVE-2024-20017

Currently unrated 🤨

Key Information

Vendor: Mediatek, Inc.
Status: Mt6890, Mt7915, Mt7916, Mt7981, Mt7986
Vendor: CVE Published:; 4 March 2024

Badges

😄 Trended👾 Exploit Exists🔴 Public PoC

Summary

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.

Affected Version(s)

MT6890, MT7915, MT7916, MT7981, MT7986 = SDK version 7.4.0.1 and before (for MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2024-20017
Created by mellow-hype

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability started trending.
Sep 5, 2024
👾
Exploit exists.
Aug 30, 2024
Vulnerability published.
Mar 4, 2024
Vulnerability Reserved.
Nov 2, 2023

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)