CVE-2024-20017
Published: 2024-03-04
Priority: P1 79 · Severity: critical · CVSS 3.1 base score: 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 46.33% (98.7th percentile)
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00350938; Issue ID: MSV-1132.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mediatek | software_development_kit | <= 7.4.0.1 | — |
| mediatek | software_development_kit | <= 7.6.7.0 | — |
| openwrt | openwrt | — | — |
| openwrt | openwrt | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| cisa | — | 9.8 | CRITICAL | — |
GHSA
GHSA-qr26-2mpm-7j4x · ghsa_unreviewed · 2024-03-04 · CVE-2024-20017 [CRITICAL] · CWE-20
In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00350938; Issue ID: MSV-1132.
CISA
CVE-2016-20017 [CRITICAL] · CWE-77 · cisa · 2024-01-08 · CVSS 9.8 (note: this KEV entry is filed under CVE-2016-20017, a different identifier from CVE-2024-20017)
Vulnerability: D-Link DSL-2750B Devices Command Injection Vulnerability
Affected: D-Link DSL-2750B Devices
D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10088; https://nvd.nist.gov/vuln/detail/CVE-2016-20017
Remediation Due Date: 2024-01-29
Suricata
ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017) · suricata · 2023-11-08 · CVE-2016-20017 [CRITICAL] · CVSS 9.8
Rule: alert http any any -> $HOME_NET any (msg:"ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/login.cgi?cli="; fast_pattern; http.uri.raw; content:"?cli="; content:"%27"; distance:0; reference:url,www.fortinet.com/blog/threat-research/Iz1h9-campaign-enhances-arsenal-with-scores-of-exploits; reference:cve,2016-20017; classtype:attempted-admin; sid:2049119; rev:2; metadata:affected_product D_Link, attack_target Networking_Equipment, created_at 2023_11_08, cve CVE_2016_20017, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2024_05_22, mitre_tactic_id TA0008
No public exploits indexed.
No writeups or analysis indexed.
References
https://corp.mediatek.com/product-security-bulletin/March-2024
https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html
https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/
https://news.ycombinator.com/item?id=41605680