Vulnerability in wlan STA, affecting MediaTek products
CVE-2024-20153

7.5HIGH

Key Information:

Vendor: MediaTek
Status: Mt2737, Mt6989, Mt6991, Mt7925, Mt8365, Mt8518s, Mt8532, Mt8666, Mt8667, Mt8673, Mt8676, Mt8678, Mt8755, Mt8766, Mt8768, Mt8775, Mt8781, Mt8786, Mt8788, Mt8796, Mt8798, Mt8893
Vendor: CVE Published:; 6 January 2025

Summary

A vulnerability has been identified in wlan STA, allowing attackers to deceive clients into connecting to a rogue access point (AP) with a spoofed SSID. This manipulation can result in remote information disclosure without requiring any execution privileges or user interaction, making it particularly concerning for users of various MediaTek wireless products. Patches have been issued under IDs ALPS08990446 and ALPS09057442 to mitigate this issue.

Affected Version(s)

MT2737, MT6989, MT6991, MT7925, MT8365, MT8518S, MT8532, MT8666, MT8667, MT8673, MT8676, MT8678, MT8755, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8796, MT8798, MT8893 Android 14.0, 15.0 / SDK release 3.5 and before / Yocto 3.3, 4.0, 5.0

References

https://corp.mediatek.com/product-security-bulletin/Janua...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 6, 2025
Vulnerability Reserved
Nov 2, 2023