Lucene search

[email protected]CVE-2024-20017

HistoryMar 04, 2024 - 3:15 a.m.

CVE-2024-20017

2024-03-0403:15:06

[email protected]

web.nvd.nist.gov

cve-2024-20017

wlan service

out of bounds write

input validation

privilege escalation

nvd

patch id

issue id

security vulnerability

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.8%

JSON

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.

Affected configurations

Vulners

Node

mediateknbiot_sdkRange<7.4.0.1

mediatekmt6890

mediatekmt7915

mediatekmt7916

mediatekmt7981

mediatekmt7986

VendorProductVersionCPE
mediateknbiot_sdk*cpe:2.3:a:mediatek:nbiot_sdk:*:*:*:*:*:*:*:*
mediatekmt6890*cpe:2.3:h:mediatek:mt6890:*:*:*:*:*:*:*:*
mediatekmt7915*cpe:2.3:h:mediatek:mt7915:*:*:*:*:*:*:*:*
mediatekmt7916*cpe:2.3:h:mediatek:mt7916:*:*:*:*:*:*:*:*
mediatekmt7981*cpe:2.3:h:mediatek:mt7981:*:*:*:*:*:*:*:*
mediatekmt7986*cpe:2.3:h:mediatek:mt7986:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mediatek	nbiot_sdk	*	cpe:2.3:a:mediatek:nbiot_sdk::::::::
mediatek	mt6890	*	cpe:2.3:h:mediatek:mt6890::::::::
mediatek	mt7915	*	cpe:2.3:h:mediatek:mt7915::::::::
mediatek	mt7916	*	cpe:2.3:h:mediatek:mt7916::::::::
mediatek	mt7981	*	cpe:2.3:h:mediatek:mt7981::::::::
mediatek	mt7986	*	cpe:2.3:h:mediatek:mt7986::::::::

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6890, MT7915, MT7916, MT7981, MT7986",
    "versions": [
      {
        "version": "SDK version 7.4.0.1 and before (for MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/March-2024