CVE-2024-20103
published 2024-10-07

Priority: P2 60 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.33% (24.5th percentile)

In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599.

Affected

5 ranges

Vendor   | Product                  | Version range | Fixed in
google   | android                  |               |
google   | android                  |               |
google   | android                  |               |
google   | android                  |               |
mediatek | software_development_kit | <= 3.3        |

Detection & IOCs (extracted from sources)

  • Vulnerability resides in the WLAN firmware component; monitor for anomalous or malformed WLAN input that could trigger out-of-bounds write conditions on affected MediaTek devices.
  • No user interaction is required and no additional privileges are needed, meaning exploitation can occur entirely remotely over Wi-Fi — prioritize detection at the wireless network layer for unexpected/malformed frames targeting affected devices.
  • Track patch status against MediaTek Patch ID ALPS09001358 / Issue ID MSV-1599 on Android devices; unpatched devices running the October 2024 Android Security Bulletin or earlier are at risk.
  • Android Security Bulletin reference A-359692770 and M-ALPS09001358 can be used to cross-reference vendor advisories and confirm patch application on MediaTek-based Android devices.
  • The vulnerability is rated HIGH severity and is limited to the MediaTek WLAN firmware component; not all Android devices are affected — only those using the impacted MediaTek chipset with the unpatched firmware.