CVE-2024-20017

🗓️ 04 Mar 2024 02:43:22Reported by MediaTekType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 125 Views

Possible out of bounds write in wlan service, leading to local privilege escalatio

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-20017	4 Mar 202404:31	–	circl
CNNVD	MediaTek Chip Security Breach	4 Mar 202400:00	–	cnnvd
Cvelist	CVE-2024-20017	4 Mar 202402:43	–	cvelist
GithubExploit	Exploit for Improper Input Validation in Mediatek Software_Development_Kit	30 Aug 202405:54	–	githubexploit
NVD	CVE-2024-20017	4 Mar 202403:15	–	nvd
OSV	CVE-2024-20017	4 Mar 202403:15	–	osv
Prion	Input validation	4 Mar 202403:15	–	prion
Positive Technologies	PT-2024-6388 · Xiaomi +3 · Xiaomi +3	3 Mar 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-20017	23 May 202508:54	–	redhatcve
Saint	MediaTek wappd buffer overflow	30 Sep 202400:00	–	saint

NVD

Vulners

Node

mediatek software_development_kitRange≤7.4.0.1

AND

mediatek mt7622Match-

mediatek mt7915Match-

Node

mediatek software_development_kitRange≤7.6.7.0

AND

mediatek mt7916Match-

mediatek mt7981Match-

mediatek mt7986Match-

Node

openwrt openwrtMatch19.07.0-

openwrt openwrtMatch21.02.0-

AND

mediatek mt6890Match-

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6890, MT7915, MT7916, MT7981, MT7986",
    "versions": [
      {
        "version": "SDK version 7.4.0.1 and before (for MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02",
        "status": "affected"
      }
    ]
  }
]

Source	Link
corp	www.corp.mediatek.com/product-security-bulletin/March-2024
news	www.news.ycombinator.com/item
blog	www.blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/
blog	www.blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html