Lucene search

MediaTekVULNRICHMENT:CVE-2024-20071

HistoryJun 03, 2024 - 2:04 a.m.

CVE-2024-20071

2024-06-0302:04:51

CWE-125

MediaTek

github.com

wlan driver

out of bounds read

input validation

local information disclosure

system execution privileges

exploitation

patch id

issue id

AI Score

6.2

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00364733; Issue ID: MSV-1331.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*"
    ],
    "vendor": "mediatek",
    "product": "mt6890",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*"
    ],
    "vendor": "mediatek",
    "product": "mt6990",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*"
    ],
    "vendor": "mediatek",
    "product": "mt7622",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*",
      "cpe:2.3:a:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
      "cpe:2.3:o:openwrt:openwrt:21.02:*:*:*:*:*:*:*"
    ],
    "vendor": "openwrt",
    "product": "openwrt",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

corp.mediatek.com/product-security-bulletin/June-2024