CVE-2024-20017

CRITICAL

Wlan Service - RCE

Title source: llm

Description

In wlan service, there is a possible out-of-bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00350938; Issue ID: MSV-1132.

Exploits (1)

nomisec WORKING POC 140 stars
by mellow-hype · poc
https://github.com/mellow-hype/cve-2024-20017

Scores

CVSS v3 9.8
EPSS 0.6816
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20 CWE-787
Status published
Products (3)
mediatek/software_development_kit < 7.4.0.1
openwrt/openwrt 19.07.0
openwrt/openwrt 21.02.0
Published Mar 04, 2024
Tracked Since Feb 18, 2026