CVE-2024-20040

moderate-risk
Published 2024-04-01

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979.

Do I need to act?

-
0.89% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
ADJACENT_NETWORK / LOW complexity

Affected Products (9)

Affected Vendors

Linux Google Linuxfoundation Openwrt Rdkcentral

References (2)

Vendor Advisory https://corp.mediatek.com/product-security-bulletin/April-2024
Vendor Advisory https://corp.mediatek.com/product-security-bulletin/April-2024
45
/ 100
moderate-risk
Severity 27/34 · High
Exploitability 3/34 · Minimal
Exposure 15/34 · Moderate