Missing Critical Step in Authentication in MediaTek products - CVE-2024-20153
Published: January 6, 2025
Vulnerability identifier: #VU102352
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-20153
CWE-ID: CWE-304
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: MediaTek
Affected software:
MT2737
MT6989
MT6991
MT7925
MT8365
MT8532
MT8666
MT8667
MT8673
MT8676
MT8678
MT8755
MT8766
MT8768
MT8775
MT8781
MT8786
MT8788
MT8796
MT8798
MT8893
MT8518S
MT2737
MT6989
MT6991
MT7925
MT8365
MT8532
MT8666
MT8667
MT8673
MT8676
MT8678
MT8755
MT8766
MT8768
MT8775
MT8781
MT8786
MT8788
MT8796
MT8798
MT8893
MT8518S
Detailed vulnerability description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within wlan. A local application can gain access to sensitive information.
How to mitigate CVE-2024-20153
Install security update from vendor's website.