CVE-2024-20082

CVSS 9.8 CRITICALEPSS 1.4%CWE-119

In short

A modem firmware lacks proper validation when processing certain data, allowing attackers to overwrite memory and execute malicious code remotely without any special access or user action required.

Technical detail

A bounds check vulnerability in modem firmware enables remote memory corruption (CWE-119) via network-based input vectors. The absence of buffer validation allows arbitrary code execution in kernel context without requiring elevated privileges or user interaction, presenting immediate remote exploitation risk.

Summary generated and translated by AI from the official description.

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

MediaTek, Inc. · MT2735, MT2737, MT6833, MT6835, MT6835T, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://corp.mediatek.com/product-security-bulletin/August-2024