#VU98113 Out-of-bounds write in MediaTek products - CVE-2024-20100

Cybersecurity Help s.r.o.

Published: 2024-10-08

Vulnerability identifier: #VU98113

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-20100

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: No

Vendor: MediaTek

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within wlan. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

MT3605: All versions

MT6985: All versions

MT6989: All versions

MT6990: All versions

MT7927: All versions

MT8183: All versions

MT8365: All versions

MT8512: All versions

MT8676: All versions

MT8678: All versions

MT8695: All versions

MT8698: All versions

MT8755: All versions

MT8775: All versions

MT8792: All versions

MT8796: All versions

External links
https://corp.mediatek.com/product-security-bulletin/October-2024

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Google Android

Multiple vulnerabilities in MediaTek chipsets