CVE-2024-20154
published 2025-01-06

Priority P259, high, 8.8 (CVSS 3.1)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.94% (89.1th percentile)
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.

Affected

1 ranges
Vendor | Product | Version range | Fixed in
google | android | |

Detection & IOCs (extracted from sources)

  • CVE-2024-20154 is exploitable over-the-air via a rogue/malicious base station (rogue BTS/eNB/gNB); monitor for UEs connecting to unexpected or unauthorized base stations as a potential exploitation vector.
  • The vulnerability is in the MediaTek Modem component (MOLY firmware); focus detection on MediaTek modem firmware versions lacking patch MOLY00720348.
  • No user interaction is required and no additional privileges are needed; exploitation is fully remote and silent, making network-layer anomaly detection (e.g., unexpected base station signals, IMSI catcher indicators) the primary detection surface.
  • Android Security Bulletin January 2025 classifies this as CRITICAL severity in the Modem component; patch reference A-376809176 / M-MOLY00720348 can be used to verify patch status on affected devices.
  • The patch is marked with an asterisk (*) in the Android Security Bulletin, indicating it may not be publicly available; affected OEMs must obtain the fix directly from MediaTek.
  • Exploitation requires the victim UE to have connected to an attacker-controlled rogue base station; the attack is entirely at the radio/modem layer and may not generate application-layer telemetry.