CVE-2024-20148

CVE-2024-20148

Vendor Mediatek, Inc.
Product MT3603, MT6835, MT6878, MT6886, MT6897, MT7902, MT7920, MT7922, MT8518S, MT8532, MT8766, MT8768, MT8775, MT8796, MT8798
Weakness CWE-787
Published January 6, 2025
Last update February 26, 2026

CVSS base score

What the vulnerability does

01Description

In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.

Key dates

02Disclosure timeline

January 6, 2025 CVE published
February 26, 2026 Record updated