Lucene search

MediaTekCVE-2024-20003

HistoryFeb 05, 2024 - 6:15 a.m.

CVE-2024-20003

2024-02-0506:15:47

CWE-20

MediaTek

web.nvd.nist.gov

modem

nl1

system crash

input validation

denial of service

cve-2024-20003

nvd

security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.8%

JSON

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981).

Affected configurations

Nvd

Node

mediateknr15Match-

AND

mediatekmt2735Match-

mediatekmt6297Match-

mediatekmt6833Match-

mediatekmt6853Match-

mediatekmt6855Match-

mediatekmt6873Match-

mediatekmt6875Match-

mediatekmt6875tMatch-

mediatekmt6877Match-

mediatekmt6880Match-

mediatekmt6883Match-

mediatekmt6885Match-

mediatekmt6889Match-

mediatekmt6890Match-

mediatekmt6891Match-

mediatekmt6893Match-

mediatekmt8675Match-

mediatekmt8791Match-

mediatekmt8791tMatch-

mediatekmt8797Match-

VendorProductVersionCPE
mediateknr15-cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*
mediatekmt2735-cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*
mediatekmt6297-cpe:2.3:h:mediatek:mt6297:-:*:*:*:*:*:*:*
mediatekmt6833-cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
mediatekmt6853-cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
mediatekmt6855-cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
mediatekmt6873-cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
mediatekmt6875-cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*
mediatekmt6875t-cpe:2.3:h:mediatek:mt6875t:-:*:*:*:*:*:*:*
mediatekmt6877-cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mediatek	nr15	-	cpe:2.3:o:mediatek:nr15:-:::::::*
mediatek	mt2735	-	cpe:2.3:h:mediatek:mt2735:-:::::::*
mediatek	mt6297	-	cpe:2.3:h:mediatek:mt6297:-:::::::*
mediatek	mt6833	-	cpe:2.3:h:mediatek:mt6833:-:::::::*
mediatek	mt6853	-	cpe:2.3:h:mediatek:mt6853:-:::::::*
mediatek	mt6855	-	cpe:2.3:h:mediatek:mt6855:-:::::::*
mediatek	mt6873	-	cpe:2.3:h:mediatek:mt6873:-:::::::*
mediatek	mt6875	-	cpe:2.3:h:mediatek:mt6875:-:::::::*
mediatek	mt6875t	-	cpe:2.3:h:mediatek:mt6875t:-:::::::*
mediatek	mt6877	-	cpe:2.3:h:mediatek:mt6877:-:::::::*

Rows per page:

1-10 of 211

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2735, MT6297, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8791, MT8791T, MT8797",
    "versions": [
      {
        "version": "Modem NR15",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/February-2024

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

30.8%

JSON

Related for CVE-2024-20003