CVE-2024-20017

Name of the Vulnerable Software and Affected Versions MediaTek Wi-Fi chipsets (affected versions not specified)

Description The issue is related to a buffer overflow caused by improper input validation in the wlan service, which could lead to remote code execution with no additional execution privileges needed. User interaction is not required for exploitation. The vulnerability is rooted in the wappd network daemon, a critical component of the MediaTek MT7622/MT7915 SDK and RTxxxx SoftAP driver bundle. It affects various devices, including routers and smartphones from multiple OEMs, putting millions at risk. The vulnerability can be exploited in different ways, including four exploits demonstrated by a researcher, which can lead to arbitrary code execution on affected devices.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.