CVE-2024-20071

2024-06-0302:15:09

CWE-125

[email protected]

web.nvd.nist.gov

nvd

security vulnerability

cve-2024-20071

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331.

Affected configurations

Vulners

Node

mediateknbiot_sdkRange<5.0.5.0

mediatekmt6890

mediatekmt6990

mediatekmt7622

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6890, MT6990, MT7622",
    "versions": [
      {
        "version": "SDK version 5.0.5.0 and before / OpenWRT 19.07, 21.02, 23.05",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/June-2024