#VU102340 Stack-based buffer overflow in MediaTek products - CVE-2024-20154

Vulnerability identifier: #VU102340

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-20154

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MT2735
Mobile applications / Mobile firmware & hardware
MT6767
Mobile applications / Mobile firmware & hardware
MT6768
Mobile applications / Mobile firmware & hardware
MT6769
Mobile applications / Mobile firmware & hardware
MT6769K
Mobile applications / Mobile firmware & hardware
MT6769S
Mobile applications / Mobile firmware & hardware
MT6769T
Mobile applications / Mobile firmware & hardware
MT6769Z
Mobile applications / Mobile firmware & hardware
MT6783
Mobile applications / Mobile firmware & hardware
MT6785T
Mobile applications / Mobile firmware & hardware
MT6785U
Mobile applications / Mobile firmware & hardware
MT6789
Mobile applications / Mobile firmware & hardware
MT6833P
Mobile applications / Mobile firmware & hardware
MT6855
Mobile applications / Mobile firmware & hardware
MT6855T
Mobile applications / Mobile firmware & hardware
MT6875T
Mobile applications / Mobile firmware & hardware
MT6877T
Mobile applications / Mobile firmware & hardware
MT6877TT
Mobile applications / Mobile firmware & hardware
MT6880
Mobile applications / Mobile firmware & hardware
MT6880T
Mobile applications / Mobile firmware & hardware
MT6880U
Mobile applications / Mobile firmware & hardware
MT6890
Mobile applications / Mobile firmware & hardware
MT8666
Mobile applications / Mobile firmware & hardware
MT8673
Mobile applications / Mobile firmware & hardware
MT8675
Mobile applications / Mobile firmware & hardware
MT8765
Mobile applications / Mobile firmware & hardware
MT8766
Mobile applications / Mobile firmware & hardware
MT8768
Mobile applications / Mobile firmware & hardware
MT8771
Mobile applications / Mobile firmware & hardware
MT8781
Mobile applications / Mobile firmware & hardware
MT8786
Mobile applications / Mobile firmware & hardware
MT8788
Mobile applications / Mobile firmware & hardware
MT8788E
Mobile applications / Mobile firmware & hardware
MT8789
Mobile applications / Mobile firmware & hardware
MT8791T
Mobile applications / Mobile firmware & hardware
MT8795T
Mobile applications / Mobile firmware & hardware
MT8798
Mobile applications / Mobile firmware & hardware
MT6779
Hardware solutions / Firmware
MT6781
Hardware solutions / Firmware
MT6785
Hardware solutions / Firmware
MT6853
Hardware solutions / Firmware
MT6853T
Hardware solutions / Firmware
MT6873
Hardware solutions / Firmware
MT6875
Hardware solutions / Firmware
MT6877
Hardware solutions / Firmware
MT6883
Hardware solutions / Firmware
MT6885
Hardware solutions / Firmware
MT6889
Hardware solutions / Firmware
MT6891
Hardware solutions / Firmware
MT6893
Hardware solutions / Firmware
MT8797
Hardware solutions / Firmware

Vendor: MediaTek

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to a missing bounds check within Modem. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

MT2735: All versions

MT6767: All versions

MT6768: All versions

MT6769: All versions

MT6769K: All versions

MT6769S: All versions

MT6769T: All versions

MT6769Z: All versions

MT6779: All versions

MT6781: All versions

MT6783: All versions

MT6785: All versions

MT6785T: All versions

MT6785U: All versions

MT6789: All versions

MT6833P: All versions

MT6853: All versions

MT6853T: All versions

MT6855: All versions

MT6855T: All versions

MT6873: All versions

MT6875: All versions

MT6875T: All versions

MT6877: All versions

MT6877T: All versions

MT6877TT: All versions

MT6880: All versions

MT6880T: All versions

MT6880U: All versions

MT6883: All versions

MT6885: All versions

MT6889: All versions

MT6890: All versions

MT6891: All versions

MT6893: All versions

MT8666: All versions

MT8673: All versions

MT8675: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8771: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8788E: All versions

MT8789: All versions

MT8791T: All versions

MT8795T: All versions

MT8797: All versions

MT8798: All versions

---

External links
https://corp.mediatek.com/product-security-bulletin/January-2025

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.