CVE-2024-20017

CRITICAL

MediaTek WLAN Service - Zero-Click Remote Code Execution

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-20017. PoCs published by mellow-hype.

AI-analyzed exploit summary: This repository contains functional exploit code for CVE-2024-20017, targeting a vulnerability in the WAPP daemon. The exploit leverages an arbitrary write primitive to corrupt stack pointers and execute a ROP chain leading to remote code execution via a reverse shell.

Description

In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00350938; Issue ID: MSV-1132.

Exploits (1)

nomisec WORKING POC 140 stars
by mellow-hype · poc
https://github.com/mellow-hype/cve-2024-20017


Classification
Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: WAPP daemon (likely on NETGEAR WAX206 or similar devices)
No auth needed
Prerequisites: Network access to the vulnerable WAPP daemon · Target device running a vulnerable version of the daemon
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 9.8
EPSS: 0.4633
EPSS Percentile: 98.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-20, CWE-787
Status: published
Products (3):
mediatek/software_development_kit < 7.4.0.1
openwrt/openwrt 19.07.0
openwrt/openwrt 21.02.0
Published: Mar 04, 2024
Tracked Since: Feb 18, 2026