CVE-2024-20017

Published Mar 4, 2024

Last updated 2 months ago

Overview

Description
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132.
Source
security@mediatek.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-20

Social media

Hype score

1

  1. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    Nov 14, 2024 5:37 PM

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    Nov 4, 2024 12:00 AM

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. 4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways | hyprblog http://0.0.0.0:4000/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html

    @akaclandestine

    Nov 2, 2024 9:58 PM

    1183 Impressions

    3 Retweets

    7 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    Oct 29, 2024 11:34 PM

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. 4 exploits, 1 bug: exploiting cve-2024-20017 4 different ways #exploits #bug #cve202420017 #exploitmitigations #exploitdevelopment https://t.co/Q4cN8IJqLl

    @reverseame

    Oct 25, 2024 5:31 PM

    1428 Impressions

    8 Retweets

    34 Likes

    16 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    Oct 23, 2024 1:16 AM

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2024-20017

    @transilienceai

    Oct 20, 2024 1:13 AM

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. 4 Exploits, 1 Bug: Exploiting CVE-2024-20017 in 4 Ways with @hyprdude! 1. RIP hijack 2. Arbitrary write via pointer corruption 3. Arbitrary write via ROP (full RELRO) 4. WAX206 return address corruption + arbitrary r/w via pointer corruption Here's the TL;DR https://t.co/XcGIJa

    @ctbbpodcast

    Oct 19, 2024 6:14 PM

    1833 Impressions

    4 Retweets

    52 Likes

    23 Bookmarks

    2 Replies

    0 Quotes

References