#VU87948 Improper input validation in MediaTek products - CVE-2024-20040

Vulnerability identifier: #VU87948

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-20040

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
MT2713
MT6580
MT6761
MT6762
MT6768
MT6789
MT6833
MT6855
MT6879
MT6886
MT6890
MT6895
MT6983
MT6985
MT6989
MT6990
MT7902
MT7915
MT7916
MT7920
MT7921
MT7922
MT7925
MT7927
MT7981
MT7986
MT8188
MT8195
MT8370
MT8390
MT8395
MT8532
MT8673
MT8678
MT8781
MT8791T
MT8792
MT8796
MT8798
MT6781
MT6853
MT6853T
MT6873
MT6875
MT6877
MT6883
MT6885
MT6889
MT6891
MT6893
MT8797
MT8518S

Software vendor:
MediaTek

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within wlan firmware. A local application can execute arbitrary code.

Install security update from vendor's website.

• https://corp.mediatek.com/product-security-bulletin/April-2024