CVE-2024-20154

Published Jan 6, 2025

Last updated 2 months ago

CVSS high 8.1

Overview

Description
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.
Source
security@mediatek.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@mediatek.com
CWE-121

Social media

Hype score
Not currently trending

  1. MediaTek チップセットの脆弱性 CVE-2024-20154 などが FIX:Mobile/IoT デバイスに影響 https://t.co/dC15PO7GI5 MediaTek チップセットの、複数の脆弱性が FIX しました。スマートフォン/タブレット/IoT デバイス/スマート TV などの製品に影響を及ぼすものとのことです。 #Chipset… https://t.co/6TDyNxBRDB

    @iototsecnews

    16 Jan 2025

    74 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-20154 (CVSS:8.1, HIGH) is Awaiting Analysis. In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code executio..https://t.co/5cg5b6HWKu #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    11 Jan 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-20154 (CVSS:8.1, HIGH) is Awaiting Analysis. In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code executio..https://t.co/5cg5b6HWKu #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    10 Jan 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #Vulnerability #CVE202420105 CVE-2024-20154: Critical RCE Flaw in MediaTek Chipsets Impacts Millions https://t.co/sMsZJLS3D7

    @Komodosec

    9 Jan 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-20154: Critical RCE Flaw in MediaTek Chipsets Impacts Millions https://t.co/FYWWM0zUFn

    @Dinosn

    7 Jan 2025

    2125 Impressions

    2 Retweets

    11 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  6. A new vulnerability with increased severity was disclosed for MediaTek MT2735 and other products (CVE-2024-20154) https://t.co/r2WkeYbL5s

    @vuldb

    6 Jan 2025

    78 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-20154 In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base stati… https://t.co/eqTILN06l5

    @CVEnew

    6 Jan 2025

    612 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References