CRITICAL🇵🇱 Wersja polska

CVE-2024-20148

CVSS 9.8v3.1pub. 2025-01-06upd. 2025-04-22

In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.

🤖 AI Analysis
How it works

The bug results from improper input data validation in WLAN station firmware (CWE-787 — out-of-bounds write). An attacker located near the victim (within wireless network range) can deliver specially crafted data that causes a write outside buffer boundaries. The exploit requires no privileges or user action.

Impact

An attacker can gain full remote code execution (RCE) on the victim's device without needing any privileges. This results in potential takeover of the system, breach of confidentiality, integrity, and availability of data.

Mitigation & patch

Security patches available from the manufacturer should be applied according to references — MediaTek security bulletin from January 2025 (https://corp.mediatek.com/product-security-bulletin/January-2025). Patch ID: WCNCR00389045 / ALPS09136494.

Who is affected

Devices with MediaTek chipsets equipped with vulnerable WLAN STA FW software: Linux Foundation Yocto, MediaTek Software Development Kit (SDK), and Google Android — specific versions indicated in the manufacturer's security bulletin from January 2025 (Patch ID: WCNCR00389045 / ALPS09136494, Issue ID: MSV-1796)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Google Android

    OS
    Google
    13.014.015.0
  • Linuxfoundation Yocto

    APP
    Linuxfoundation
    3.34.05.0
  • Mediatek Mt3603

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6835

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6878

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6886

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6897

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7902

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7920

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7922

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8518s

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8532

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8766

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8768

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8775

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8796

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8798

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Software Development Kit

    APP
    Mediatek
    ≤ 2.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2020-16010CRITICAL9.6⚠ KEVten sam produkt

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...

CVE-2016-1019CRITICAL9.8⚠ KEVten sam produkt

Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...

CVE-2026-13851CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-13852CRITICAL9.1ten sam produkt

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...

CVE-2026-14106CRITICAL9.6ten sam produkt

Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...