CVE-2024-20004

CVSS 7.5 HIGHEPSS 1.2%CWE-20

In short

A flaw in Modem NL1 allows attackers to crash the system by sending a malformed network message, causing the device to stop working temporarily without needing special access.

Technical detail

Improper input validation in Modem NL1's handling of NR RRC Connection Setup messages allows an unauthenticated remote attacker to trigger a denial of service condition via crafted network traffic. No elevated privileges or user interaction required; exploitation occurs at the network protocol layer.

Summary generated and translated by AI from the official description.

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985).

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

MediaTek, Inc. · MT2735, MT6297, MT6833, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8791, MT8791T, MT8797

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://corp.mediatek.com/product-security-bulletin/February-2024