CVE-2024-20148
Published 2025-01-06
CVE-2024-20148: In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no…
Priority P3 59 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.25% (16.7th percentile)
In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| linuxfoundation | yocto | — | — |
| linuxfoundation | yocto | — | — |
| linuxfoundation | yocto | — | — |
| mediatek | software_development_kit | <= 2.4 | — |
GHSA
GHSA-cqhv-985j-2frf: In wlan STA FW, there is a possible out of bounds write due to improper input validation
ghsa_unreviewed·2025-01-06
CVE-2024-20148 [CRITICAL] CWE-787 GHSA-cqhv-985j-2frf: In wlan STA FW, there is a possible out of bounds write due to improper input validation
Android
CVE-2024-20148: wlan
vendor_android·2025-01-01·CVSS 9.8
CVE-2024-20148 [CRITICAL] CVE-2024-20148: wlan
Android Security Bulletin 2025-01-01
CVE: CVE-2024-20148
Severity: HIGH
Component: wlan
References: A-376814212, M-ALPS09136494 *
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-01-06
Published