CRITICAL🇵🇱 Wersja polska

CVE-2024-20100

CVSS 9.8v3.1pub. 2024-10-07upd. 2025-04-25

In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603.

🤖 AI Analysis
How it works

The WLAN driver contains an out-of-bounds write error (CWE-787) resulting from improper input validation. An attacker can deliver specially crafted network data that causes writing outside the intended memory area. The exploit requires no privileges on the device or user interaction, making the attack fully remote and hands-off.

Impact

Successful exploitation of this vulnerability can lead to complete takeover of the device through remote code execution (RCE) in the context of the WLAN driver, with potential access to sensitive data, ability to modify it, and disruption of system operation.

Mitigation & patch

Apply patches available from the manufacturer according to the references (Patch ID: ALPS08998449; Issue ID: MSV-1603). Detailed information about affected versions and updates is available in the MediaTek security bulletin from October 2024: https://corp.mediatek.com/product-security-bulletin/October-2024

Who is affected

Devices based on MediaTek chipsets with systems: MediaTek IoT Yocto, MediaTek Software Development Kit (SDK), and Google Android (versions specified in the MediaTek security bulletin from October 2024)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Google Android

    OS
    Google
    12.013.014.0
  • Mediatek Iot Yocto

    APP
    Mediatek
    24.0
  • Mediatek Mt3605

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6985

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6989

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6990

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7927

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8183

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8365

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8512

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8676

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8678

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8695

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8698

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8755

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8775

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8792

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8796

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Software Development Kit

    APP
    Mediatek
    ≤ 3.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2020-16010CRITICAL9.6⚠ KEVten sam produkt

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...

CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...

CVE-2026-13851CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-13852CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-14106CRITICAL9.6ten sam produkt

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...