CVE-2024-20070

CVE-2024-20070

Vendor Mediatek, Inc.
Product MT6298, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6875T, MT6877, MT6878, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6895T, MT6896, MT6897, MT6980, MT6980D, MT6983, MT6990, MT8673, MT8675, MT8765, MT8766, MT8768, MT87
Weakness CWE-327 · Broken crypto
Published June 3, 2024
Last update November 15, 2024

CVSS base score

What the vulnerability does

01Description

In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469.

Key dates

02Disclosure timeline

June 3, 2024 CVE published
November 15, 2024 Record updated