CVE-2024-20154
HIGHMediaTek Modem - Rogue Base Station Remote Code Execution
Title source: manualExploitation Summary
EIP tracks 1 public exploit for CVE-2024-20154. PoCs published by sneakid.
AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2024-20154, a stack-based buffer overflow in MediaTek MT6769 baseband firmware affecting NB-IoT SIB1-NB processing. It includes static/dynamic analysis, firmware extraction, and vulnerability root cause without weaponized exploit code.
Description
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.
Exploits (1)
This repository provides a detailed technical analysis of CVE-2024-20154, a stack-based buffer overflow in MediaTek MT6769 baseband firmware affecting NB-IoT SIB1-NB processing. It includes static/dynamic analysis, firmware extraction, and vulnerability root cause without weaponized exploit code.
References (1)
Scores
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H