A critical-rated zero-click vulnerability [2] [3], CVE-2024-20017 [1] [2] [3] [4], with a CVSS score of 9.8 [1] [2] [3], has been discovered in MediaTek Wi-Fi chipsets MT7622/MT7915 and RTxxxx SoftAP driver bundles used in products from various manufacturers [3], including Ubiquiti [2] [3], Xiaomi [1] [2] [3] [4], and Netgear [1] [2] [3] [4].

Description

This vulnerability allows remote code execution without user interaction and is located in wappd [1] [2] [3] [4], the network daemon that manages wireless interfaces and access points [1] [2]. Researchers at SonicWall Capture Labs found that the vulnerability affects routers and smartphones running MediaTek SDK versions 7.4.0.1 and earlier, as well as OpenWrt 19.07 and 21.02 [1] [2] [3]. Exploitation involves sending a packet with specific structures and payload [3]: attacker-controlled packet data triggers a buffer overflow through a memory copy performed without bounds checking [2]. Attackers can exploit this flaw to take full control of devices [2]. A public proof-of-concept exploit has been identified [2], which increases the urgency for affected users to apply available patches promptly [2].
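The bug class described above, a copy whose length is taken from the packet itself, shown beside a bounds-checked form. This is an added illustration, not wappd or MediaTek code; the message layout, names and buffer size are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire format, NOT the wappd format:
 * type(1) pad(1) len(2, big-endian) body(len). */
#define HDR_LEN  4
#define BODY_MAX 64

struct msg {
    uint8_t  type;
    uint16_t len;
    uint8_t  body[BODY_MAX];   /* fixed-size destination */
};

/* Bug class from the text: the copy length comes straight from the packet. */
void parse_unchecked(const uint8_t *pkt, struct msg *out)
{
    out->type = pkt[0];
    out->len  = (uint16_t)((pkt[2] << 8) | pkt[3]);
    memcpy(out->body, pkt + HDR_LEN, out->len);   /* no bounds check */
}

/* Hardened form: returns 0 on success, -1 when the packet is rejected. */
int parse_checked(const uint8_t *pkt, size_t pkt_len, struct msg *out)
{
    if (!pkt || !out || pkt_len < HDR_LEN)
        return -1;                                /* truncated header */
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    if (declared > BODY_MAX)
        return -1;                                /* would overflow out->body */
    if (declared > pkt_len - HDR_LEN)
        return -1;                                /* would read past received bytes */
    out->type = pkt[0];
    out->len  = (uint16_t)declared;
    memcpy(out->body, pkt + HDR_LEN, declared);
    return 0;
}

/* Constructed sample: header declares `declared` bytes, `sent` body bytes follow. */
int check_sample(size_t declared, size_t sent)
{
    uint8_t pkt[HDR_LEN + 512] = { 0x01, 0x00,
        (uint8_t)(declared >> 8), (uint8_t)declared };
    struct msg m;
    if (sent > 512) return -1;
    memset(pkt + HDR_LEN, 0x55, sent);            /* filler body bytes */
    return parse_checked(pkt, HDR_LEN + sent, &m);
}
```

The hardened parser checks the declared length against both the destination buffer and the number of bytes actually received before any copy takes place.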

Conclusion

It is crucial for users of affected devices to apply available patches promptly to prevent remote code execution and potential exploitation. The discovery of this vulnerability highlights the importance of ongoing security updates and vigilance in protecting against cyber threats.

References

[1] https://www.darkreading.com/vulnerabilities-threats/zero-click-mediatek-bug-phones-wifi-takeover
[2] https://www.phoneworld.com.pk/critical-zero-click-vulnerability-hits-mediatek-wi-fi-chipsets-immediate-patches-required/
[3] https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/
[4] https://cybersecuritynews.com/0-click-rce-vulnerability-mediatek/