CVE-2024-20017

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20017

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

n wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/March-2024 Vendor Advisory
https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html Exploit Technical Description Third Party Advisory
https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/ Exploit Third Party Advisory
https://corp.mediatek.com/product-security-bulletin/March-2024 Vendor Advisory
https://news.ycombinator.com/item?id=41605680 Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
History

05 May 2025, 17:48

Type Values Removed Values Added
CPE cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*
First Time Mediatek mt7981
Mediatek mt7622
Openwrt openwrt
Mediatek mt7986
Openwrt
Mediatek mt7916
Mediatek mt6890
Mediatek
Mediatek software Development Kit
Mediatek mt7915
References () https://corp.mediatek.com/product-security-bulletin/March-2024 - () https://corp.mediatek.com/product-security-bulletin/March-2024 - Vendor Advisory
References () https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html - () https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html - Exploit, Technical Description, Third Party Advisory
References () https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/ - () https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/ - Exploit, Third Party Advisory
References () https://news.ycombinator.com/item?id=41605680 - () https://news.ycombinator.com/item?id=41605680 - Third Party Advisory

21 Nov 2024, 08:51

Type Values Removed Values Added
References
  • () https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html -
  • () https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/ -
  • () https://news.ycombinator.com/item?id=41605680 -
References () https://corp.mediatek.com/product-security-bulletin/March-2024 - () https://corp.mediatek.com/product-security-bulletin/March-2024 -

25 Sep 2024, 01:36

Type Values Removed Values Added
CWE CWE-20

26 Aug 2024, 21:35

Type Values Removed Values Added
CWE CWE-787
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
Information

Published : 2024-03-04 03:15

Updated : 2025-05-05 17:48

NVD link : CVE-2024-20017

Mitre link : CVE-2024-20017

CVE.ORG link : CVE-2024-20017

JSON object : View

Products Affected

mediatek

openwrt

CWE
CWE-20

Improper Input Validation

CWE-787

Out-of-bounds Write