Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU95375
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20082
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a missing bounds check within Modem. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsMT2735: All versions
MT2737: All versions
MT6833: All versions
MT6835: All versions
MT6835T: All versions
MT6853: All versions
MT6855: All versions
MT6873: All versions
MT6875: All versions
MT6875T: All versions
MT6877: All versions
MT6879: All versions
MT6880: All versions
MT6883: All versions
MT6885: All versions
MT6886: All versions
MT6889: All versions
MT6890: All versions
MT6891: All versions
MT6893: All versions
MT6895: All versions
MT6895T: All versions
MT6896: All versions
MT6897: All versions
MT6980: All versions
MT6980D: All versions
MT6983: All versions
MT6985: All versions
MT6989: All versions
MT6990: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/August-2024
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU95376
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-20083
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to a missing bounds check within venc. A local privileged application can execute arbitrary code.
MitigationInstall security update from vendor's website.
Vulnerable software versionsMT6765: All versions
MT6768: All versions
MT6779: All versions
MT6785: All versions
MT8321: All versions
MT8385: All versions
MT8666: All versions
MT8667: All versions
MT8755: All versions
MT8765: All versions
MT8766: All versions
MT8768: All versions
MT8771: All versions
MT8775: All versions
MT8781: All versions
MT8786: All versions
MT8788: All versions
MT8789: All versions
MT8791T: All versions
MT8792: All versions
MT8795T: All versions
MT8796: All versions
MT8797: All versions
MT8798: All versions
External linkshttp://corp.mediatek.com/product-security-bulletin/August-2024
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.