Advisory

Critical MediaTek flaw exposes phones and Wi-Fi routers to attack

Take action: Check whether your devices use a MediaTek chipset. If they do, review the latest available firmware for that chipset and apply it. If you are running OpenWrt, update it to the latest available version.


Learn More

A zero-click vulnerability, tracked as CVE-2024-20017 (CVSS score 9.8), has been identified in MediaTek Wi-Fi chipsets and driver bundles, affecting a wide range of routers and smartphones from manufacturers such as Ubiquiti, Xiaomi, and Netgear.

This vulnerability, discovered by researchers from SonicWall Capture Labs, allows for remote code execution (RCE) without requiring any user interaction, making it an especially dangerous exploit for affected devices.

The vulnerability, found in MediaTek SDK versions 7.4.0.1 and earlier, and OpenWrt 19.07 and 21.02, affects devices that use the MediaTek MT7622/MT7915 and RTxxxx SoftAP chipsets.

The vulnerability occurs in the IAPP_RcvHandlerSSB function within wappd, where an attacker can send a specially crafted packet to trigger a stack buffer overflow of up to 1433 bytes. The overflow happens because a length value taken from the packet is used to copy data into memory without proper bounds checking. Attackers can exploit this to overwrite critical memory locations, enabling them to run arbitrary commands, such as establishing a reverse shell using the system() call and existing tools like Netcat.
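The bug class described above (a packet-supplied length driving a copy into a fixed-size stack buffer) is easier to reason about with the unchecked and the checked handler side by side. The C below is an added illustration written for this advisory; it is not the wappd or IAPP_RcvHandlerSSB code, and the frame layout (a 2-byte big-endian length field followed by payload), the buffer size and all function names are assumptions. The two checks in the hardened handler are the ones a reviewer looks for: the claimed length must fit the destination buffer, and it must not exceed the bytes actually received.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for this illustration only: 2-byte big-endian length,
 * then that many payload bytes. Not the real IAPP/wappd frame format. */
#define HDR_LEN        2
#define FRAME_BUF_SIZE 256   /* assumed fixed-size stack buffer (the real one differs) */

enum parse_status {
    PARSE_OK = 0,
    PARSE_TOO_SHORT,        /* packet shorter than the header */
    PARSE_LEN_EXCEEDS_BUF,  /* claimed length larger than the stack buffer */
    PARSE_LEN_EXCEEDS_PKT   /* claimed length larger than the bytes received */
};

static size_t read_be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Vulnerable pattern: the attacker-controlled length drives memcpy into a
 * fixed stack buffer with no comparison against sizeof(frame) or pkt_len.
 * Kept only for contrast; the demo calls it with a benign in-bounds packet. */
static enum parse_status handle_unchecked(const uint8_t *pkt, size_t pkt_len, size_t *copied)
{
    uint8_t frame[FRAME_BUF_SIZE];
    if (pkt_len < HDR_LEN) return PARSE_TOO_SHORT;
    size_t claimed = read_be16(pkt);
    memcpy(frame, pkt + HDR_LEN, claimed);   /* BUG: unbounded copy */
    *copied = claimed;
    return PARSE_OK;
}

/* Hardened version: validate the length against both the destination buffer
 * and the received packet before any byte is copied. */
static enum parse_status handle_checked(const uint8_t *pkt, size_t pkt_len, size_t *copied)
{
    uint8_t frame[FRAME_BUF_SIZE];
    if (pkt_len < HDR_LEN) return PARSE_TOO_SHORT;
    size_t claimed = read_be16(pkt);
    if (claimed > sizeof(frame))          return PARSE_LEN_EXCEEDS_BUF;  /* would smash the stack */
    if (claimed > pkt_len - HDR_LEN)      return PARSE_LEN_EXCEEDS_PKT;  /* would over-read the packet */
    memcpy(frame, pkt + HDR_LEN, claimed);
    *copied = claimed;
    return PARSE_OK;
}

/* Builds a constructed packet whose header claims `claimed_len` bytes while
 * `actual_payload` bytes of filler are really present. Returns total length. */
static size_t build_packet(uint8_t *out, size_t out_cap, size_t claimed_len, size_t actual_payload)
{
    if (out_cap < HDR_LEN + actual_payload || claimed_len > 0xffff) return 0;
    out[0] = (uint8_t)(claimed_len >> 8);
    out[1] = (uint8_t)(claimed_len & 0xff);
    memset(out + HDR_LEN, 0x41, actual_payload);
    return HDR_LEN + actual_payload;
}

/* Runs the constructed cases and returns how many behaved as expected (5). */
static int demo(void)
{
    uint8_t pkt[512];
    size_t n, copied = 0;
    int passed = 0;

    n = build_packet(pkt, sizeof pkt, 100, 100);                       /* benign, in bounds */
    passed += (handle_checked(pkt, n, &copied) == PARSE_OK && copied == 100);
    passed += (handle_unchecked(pkt, n, &copied) == PARSE_OK && copied == 100); /* bug is invisible here */

    n = build_packet(pkt, sizeof pkt, 400, 400);                       /* claimed > FRAME_BUF_SIZE */
    passed += (handle_checked(pkt, n, &copied) == PARSE_LEN_EXCEEDS_BUF);

    n = build_packet(pkt, sizeof pkt, 200, 50);                        /* claimed > bytes received */
    passed += (handle_checked(pkt, n, &copied) == PARSE_LEN_EXCEEDS_PKT);

    passed += (handle_checked(pkt, 1, &copied) == PARSE_TOO_SHORT);    /* truncated header */
    return passed;
}

int main(void)
{
    printf("%d of 5 cases behaved as expected\n", demo());
    return 0;
}
```

The second case in demo() is the important one for testers: the unchecked handler behaves identically to the checked one on well-formed traffic, which is why this defect survives functional testing and only surfaces under fuzzing or review of the length handling.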

A public proof-of-concept (PoC) exploit has recently been released, increasing the likelihood of exploitation.

This vulnerability affects a wide range of routers and smartphones, including but not limited to:

  • Ubiquiti
  • Xiaomi
  • Netgear

Users should apply the latest MediaTek firmware patches immediately to mitigate this vulnerability. Users should also ensure they are running the most up-to-date versions of firmware for any affected OpenWrt systems.
