CVE-2024-20154

HIGH

MediaTek Modem - Rogue Base Station Remote Code Execution

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-20154. PoCs published by sneakid.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2024-20154, a stack-based buffer overflow in MediaTek MT6769 baseband firmware affecting NB-IoT SIB1-NB processing. It includes static/dynamic analysis, firmware extraction, and vulnerability root cause without weaponized exploit code.

Description

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.

Exploits (1)

github WRITEUP
by sneakid · poc
https://github.com/sneakid/CVE-2024-20154

This repository provides a detailed technical analysis of CVE-2024-20154, a stack-based buffer overflow in MediaTek MT6769 baseband firmware affecting NB-IoT SIB1-NB processing. It includes static/dynamic analysis, firmware extraction, and vulnerability root cause without weaponized exploit code.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Complex
Reliability
Theoretical
Target: MediaTek MT6769 Baseband Firmware (MOLY LR12A.R3.TC10.6M.A14.PR.SP.V1.P5)
No auth needed
Prerequisites: Samsung Galaxy A14 (SM-A145R) with vulnerable firmware · NB-IoT broadcast transmission capability
mistral-large-3 · analyzed Jun 10, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 8.8
EPSS 0.0394
EPSS Percentile 89.2%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-121 CWE-787
Status published
Products (5)
mediatek/lr12a
mediatek/lr13
mediatek/nr16.r1.mp
mediatek/nr16.r1.mp1mp2.mp
mediatek/nr16.r2.mp
Published Jan 06, 2025
Tracked Since Feb 18, 2026