CVE-2024-20017

Published Mar 4, 2024

Last updated 5 months ago

CVSS critical 9.8

Overview

Description
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.
Source
security@mediatek.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-20

Social media

Hype score
Not currently trending

  1. Patch Alert 🚨🔧 Dell, HPE, and MediaTek have released patches for vulnerabilities. Dell fixed BIOS issues (DSA-2023-152, DSA-2023-467), HPE tackled VMware ESXi exploits, and MediaTek patched CVE-2024-20017 in SDK v7.4.0.1 and earlier. Update now! #Dell #HPE #MediaTek… https://t.

    @gothburz

    7 Jan 2025

    111 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  2. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    23 Nov 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    19 Nov 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    17 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    14 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    4 Nov 2024

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. 4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways | hyprblog http://0.0.0.0:4000/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html

    @akaclandestine

    2 Nov 2024

    1183 Impressions

    3 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    29 Oct 2024

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. 4 exploits, 1 bug: exploiting cve-2024-20017 4 different ways #exploits #bug #cve202420017 #exploitmitigations #exploitdevelopment https://t.co/Q4cN8IJqLl

    @reverseame

    25 Oct 2024

    1428 Impressions

    8 Retweets

    34 Likes

    16 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    23 Oct 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    20 Oct 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. 4 Exploits, 1 Bug: Exploiting CVE-2024-20017 in 4 Ways with @hyprdude! 1. RIP hijack 2. Arbitrary write via pointer corruption 3. Arbitrary write via ROP (full RELRO) 4. WAX206 return address corruption + arbitrary r/w via pointer corruption Here's the TL;DR https://t.co/XcGIJa

    @ctbbpodcast

    19 Oct 2024

    1833 Impressions

    4 Retweets

    52 Likes

    23 Bookmarks

    2 Replies

    0 Quotes

  13. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

References