Out of Bounds Write Vulnerability in Mediatek WLAN Driver
CVE-2024-20146

8.1 HIGH

Summary

A vulnerability has been identified in the Mediatek WLAN STA driver that allows a potential out-of-bounds write due to improper input validation. This flaw could enable attackers to execute arbitrary code remotely, without requiring any additional execution privileges or user interaction. If exploited, this could severely compromise the security of affected systems. Immediate action is recommended to mitigate the risks associated with this type of vulnerability.

Affected Version(s)

MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6990, MT7902, MT7920, MT7922, MT8365, MT8518S, MT8532, MT8666, MT8667, MT8673, MT8755, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8796, MT8798, MT8893

Android 13.0, 14.0, 15.0 / SDK release 2.5 and before / openWRT 23.05 / Yocto 3.3, 4.0, 5.0

References

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
