CVE-2024-20154
published 2025-01-06CVE-2024-20154: In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue…
PriorityP259high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
EPSS
3.94%
89.1th percentile
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2024-20154 is exploitable over-the-air via a rogue/malicious base station (rogue BTS/eNB/gNB); monitor for UEs connecting to unexpected or unauthorized base stations as a potential exploitation vector. ↗
- →The vulnerability is in the MediaTek Modem component (MOLY firmware); focus detection on MediaTek modem firmware versions lacking patch MOLY00720348. ↗
- →No user interaction is required and no additional privileges are needed; exploitation is fully remote and silent, making network-layer anomaly detection (e.g., unexpected base station signals, IMSI catcher indicators) the primary detection surface. ↗
- →Android Security Bulletin January 2025 classifies this as CRITICAL severity in the Modem component; patch reference A-376809176 / M-MOLY00720348 can be used to verify patch status on affected devices. ↗
- ·The patch is marked with an asterisk (*) in the Android Security Bulletin, indicating it may not be publicly available; affected OEMs must obtain the fix directly from MediaTek. ↗
- ·Exploitation requires the victim UE to have connected to an attacker-controlled rogue base station; the attack is entirely at the radio/modem layer and may not generate application-layer telemetry. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2024-20154: Modem
vendor_android·2025-01-01·CVSS 8.8
CVE-2024-20154 [HIGH] CVE-2024-20154: Modem
Android Security Bulletin 2025-01-01
CVE: CVE-2024-20154
Severity: CRITICAL
Component: Modem
References: A-376809176
M-MOLY00720348 *
GHSA
GHSA-vvc3-x74m-rg8v: In Modem, there is a possible out of bounds write due to a missing bounds check
ghsa_unreviewed·2025-01-06
CVE-2024-20154 [HIGH] CWE-121 GHSA-vvc3-x74m-rg8v: In Modem, there is a possible out of bounds write due to a missing bounds check
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.
No detection rules found.
No public exploits indexed.
2025-01-06
Published