Lucene search

[email protected]CVE-2024-20040

HistoryApr 01, 2024 - 3:15 a.m.

CVE-2024-20040

2024-04-0103:15:07

[email protected]

web.nvd.nist.gov

cve-2024-20040

improper input validation

remote escalation of privilege

patch id

mt6xxx chipsets

mt79xx chipsets

issue id

msv-979

nvd

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.

Affected configurations

Vulners

Node

googleandroidRange<12.0

googleandroidRange<13.0

googleandroidRange<14.0

mediatekmt2713

mediatekmt6580

mediatekmt6761

mediatekmt6762

mediatekmt6768

mediatekmt6781

mediatekmt6789

mediatekmt6833

mediatekmt6853

mediatekmt6853t

mediatekmt6855

mediatekmt6873

mediatekmt6875

mediatekmt6877

mediatekmt6879

mediatekmt6883

mediatekmt6885

mediatekmt6886

mediatekmt6889

mediatekmt6890

mediatekmt6891

mediatekmt6893

mediatekmt6895

mediatekmt6983

mediatekmt6985

mediatekmt6989

mediatekmt6990

mediatekmt7902

mediatekmt7915

mediatekmt7916

mediatekmt7920

mediatekmt7921

mediatekmt7922

mediatekawus036nh

mediatekmt7981

mediatekmt7986

mediatekmt8188

mediatekmt8195

mediatekawus036nh

mediatekmt8390

mediatekmt8395

mediatekmt8518s

mediatekmt8532

mediatekmt8673

mediatekawus036nh

mediatekmt8781

mediatekmt8791t

mediatekmt8792

mediatekmt8796

mediatekmt8797

mediatekmt8798

VendorProductVersionCPE
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
mediatekmt2713*cpe:2.3:h:mediatek:mt2713:*:*:*:*:*:*:*:*
mediatekmt6580*cpe:2.3:h:mediatek:mt6580:*:*:*:*:*:*:*:*
mediatekmt6761*cpe:2.3:h:mediatek:mt6761:*:*:*:*:*:*:*:*
mediatekmt6762*cpe:2.3:h:mediatek:mt6762:*:*:*:*:*:*:*:*
mediatekmt6768*cpe:2.3:h:mediatek:mt6768:*:*:*:*:*:*:*:*
mediatekmt6781*cpe:2.3:h:mediatek:mt6781:*:*:*:*:*:*:*:*
mediatekmt6789*cpe:2.3:h:mediatek:mt6789:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
google	android	*	cpe:2.3:o:google:android::::::::
mediatek	mt2713	*	cpe:2.3:h:mediatek:mt2713::::::::
mediatek	mt6580	*	cpe:2.3:h:mediatek:mt6580::::::::
mediatek	mt6761	*	cpe:2.3:h:mediatek:mt6761::::::::
mediatek	mt6762	*	cpe:2.3:h:mediatek:mt6762::::::::
mediatek	mt6768	*	cpe:2.3:h:mediatek:mt6768::::::::
mediatek	mt6781	*	cpe:2.3:h:mediatek:mt6781::::::::
mediatek	mt6789	*	cpe:2.3:h:mediatek:mt6789::::::::

Rows per page:

1-10 of 551

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2713, MT6580, MT6761, MT6762, MT6768, MT6781, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT6989, MT6990, MT7902, MT7915, MT7916, MT7920, MT7921, MT7922, MT7925, MT7927, MT7981, MT7986, MT8188, MT8195, MT8370, MT8390, MT8395, MT8518S, MT8532, MT8673, MT8678, MT8781, MT8791T, MT8792, MT8796, MT8797, MT8798",
    "versions": [
      {
        "version": "Android 12.0, 13.0, 14.0 / Linux 4.19 / Yocto 3.3, 4.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/April-2024

7.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-20040

nvd1 cvelist1 vulnrichment1