ГлавнаяУязвимости → CVE-2024-20148
9.8критическая

CVE-2024-20148

Описание

In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.

Затрагиваемое ПО
Linuxfoundation YoctoMediatek Software development kitGoogle AndroidMediatek Mt3603Mediatek Mt6835Mediatek Mt6878Mediatek Mt6886Mediatek Mt6897Mediatek Mt7902Mediatek Mt7920Mediatek Mt7922Mediatek Mt8518sMediatek Mt8532Mediatek Mt8766Mediatek Mt8768Mediatek Mt8775Mediatek Mt8796Mediatek Mt8798
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://corp.mediatek.com/product-security-bulletin/January-2025