Lucene search

MediaTekVULNRICHMENT:CVE-2024-20073

HistoryJun 03, 2024 - 2:04 a.m.

CVE-2024-20073

2024-06-0302:04:55

CWE-787

MediaTek

github.com

out of bounds

write

wlan service

input validation

local escalation

privilege

system execution

exploitation

patch

issue id

cve-2024-20073

AI Score

7.2

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00367704; Issue ID: MSV-1411.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*"
    ],
    "vendor": "mediatek",
    "product": "mt6890",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*"
    ],
    "vendor": "mediatek",
    "product": "mt7622",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*"
    ],
    "vendor": "openwrt",
    "product": "openwrt",
    "versions": [
      {
        "status": "affected",
        "version": "19.07.0"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:o:openwrt:openwrt:21.02:*:*:*:*:*:*:*"
    ],
    "vendor": "openwrt",
    "product": "openwrt",
    "versions": [
      {
        "status": "affected",
        "version": "21.02"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

corp.mediatek.com/product-security-bulletin/June-2024