CVE-2024-20040

2024-04-0102:34:53

MediaTek

www.cve.org

wlan firmware

out of bounds write

remote privilege escalation

input validation

patch id

issue id

mt6xxx chipsets

mt79xx chipsets

user interaction not needed

AI Score

7.3

Confidence

High

EPSS

Percentile

9.0%

JSON

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.

CNA Affected

[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT2713, MT6580, MT6761, MT6762, MT6768, MT6781, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT6989, MT6990, MT7902, MT7915, MT7916, MT7920, MT7921, MT7922, MT7925, MT7927, MT7981, MT7986, MT8188, MT8195, MT8370, MT8390, MT8395, MT8518S, MT8532, MT8673, MT8678, MT8781, MT8791T, MT8792, MT8796, MT8797, MT8798",
    "versions": [
      {
        "version": "Android 12.0, 13.0, 14.0 / Linux 4.19 / Yocto 3.3, 4.0 / OpenWrt 19.07, 21.02 / RDK-B 22Q3",
        "status": "affected"
      }
    ]
  }
]

References

corp.mediatek.com/product-security-bulletin/April-2024