#VU98114 Out-of-bounds write in MediaTek products - CVE-2024-20101
Published: October 8, 2024
Vulnerability identifier: #VU98114
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-20101
CWE-ID: CWE-787
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
MT3605
MT6985
MT6989
MT6990
MT7927
MT8183
MT8512
MT8676
MT8678
MT8695
MT8698
MT8755
MT8775
MT8792
MT8796
MT3605
MT6985
MT6989
MT6990
MT7927
MT8183
MT8512
MT8676
MT8678
MT8695
MT8698
MT8755
MT8775
MT8792
MT8796
Software vendor:
MediaTek
MediaTek
Description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation within wlan. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.
Remediation
Install security update from vendor's website.