cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-20153,https://securityvulnerability.io/vulnerability/CVE-2024-20153,"Vulnerability in wlan STA, affecting MediaTek products","A vulnerability has been identified in wlan STA, allowing attackers to deceive clients into connecting to a rogue access point (AP) with a spoofed SSID. This manipulation can result in remote information disclosure without requiring any execution privileges or user interaction, making it particularly concerning for users of various MediaTek wireless products. Patches have been issued under IDs ALPS08990446 and ALPS09057442 to mitigate this issue.",MediaTek,"Mt2737, Mt6989, Mt6991, Mt7925, Mt8365, Mt8518s, Mt8532, Mt8666, Mt8667, Mt8673, Mt8676, Mt8678, Mt8755, Mt8766, Mt8768, Mt8775, Mt8781, Mt8786, Mt8788, Mt8796, Mt8798, Mt8893",7.5,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-06T03:18:01.542Z,0
CVE-2024-20152,https://securityvulnerability.io/vulnerability/CVE-2024-20152,Local Denial of Service in MediaTek wlan STA Driver,"A vulnerability exists in the wlan STA driver from MediaTek, characterized by improper exception handling leading to a reachable assertion. If exploited by a malicious actor with system privileges, this flaw can result in local denial of service. Crucially, user interaction is not needed for exploitation, making it a significant concern for impacted systems. Vendors are advised to apply the relevant patches (Patch ID: WCNCR00389047 / ALPS09136505) to mitigate risk.",MediaTek,"Mt2737, Mt3603, Mt6835, Mt6878, Mt6886, Mt6897, Mt6990, Mt7902, Mt7920, Mt7922, Mt8518s, Mt8532, Mt8755, Mt8766, Mt8768, Mt8775, Mt8781, Mt8796, Mt8798, Mt8893",4.4,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-06T03:17:59.918Z,0
CVE-2024-20151,https://securityvulnerability.io/vulnerability/CVE-2024-20151,Out of Bounds Write Vulnerability in Mediatek Modem,"A potential local privilege escalation vulnerability has been identified in Mediatek's Modem resulting from an out of bounds write due to improper bounds checking. This flaw allows an attacker, having already gained system privileges, to exploit the vulnerability without requiring user interaction. Prompt remediation is advised to safeguard against potential exploitation. For more details, refer to the official Mediatek product security bulletin.",MediaTek,"Mt2737, Mt2739, Mt6789, Mt6813, Mt6815, Mt6835, Mt6835t, Mt6855, Mt6878, Mt6878t, Mt6879, Mt6886, Mt6895, Mt6895t, Mt6896, Mt6897, Mt6899, Mt6980, Mt6980d, Mt6983, Mt6985, Mt6986, Mt6986d, Mt6988, Mt6989, Mt6990, Mt6991, Mt8676, Mt8678, Mt8798, Mt8863",6.7,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-06T03:17:58.239Z,0
CVE-2024-20150,https://securityvulnerability.io/vulnerability/CVE-2024-20150,Logic Error Vulnerability in Modem Affects MediaTek Products,"A logic error in MediaTek's modem can result in potential system crashes, allowing for a remote denial of service without requiring additional execution privileges or user interaction. This vulnerability poses a threat as it can be exploited remotely, impacting the stability of affected systems. Users and organizations relying on MediaTek technology should be aware of this issue and seek necessary patches to ensure their devices remain secure.",MediaTek,"Mt2735, Mt2737, Mt6767, Mt6768, Mt6769, Mt6769k, Mt6769s, Mt6769t, Mt6769z, Mt6779, Mt6781, Mt6783, Mt6785, Mt6785t, Mt6785u, Mt6789, Mt6833p, Mt6835, Mt6835t, Mt6853, Mt6853t, Mt6855, Mt6855t, Mt6873, Mt6875, Mt6875t, Mt6877, Mt6877t, Mt6877tt, Mt6878, Mt6878m, Mt6879, Mt6880, Mt6880t, Mt6880u, Mt6883, Mt6885, Mt6886, Mt6889, Mt6890, Mt6891, Mt6893, Mt6895, Mt6895tt, Mt6896, Mt6897, Mt6899, Mt6980, Mt6980d, Mt6983t, Mt6985, Mt6985t, Mt6989, Mt6989t, Mt6990, Mt6991, Mt8666, Mt8673, Mt8675, Mt8676, Mt8678, Mt8765, Mt8766, Mt8768, Mt8771, Mt8781, Mt8786, Mt8788, Mt8788e, Mt8789, Mt8791t, Mt8795t, Mt8797, Mt8798, Mt8863",7.5,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-06T03:17:56.513Z,0
CVE-2024-20149,https://securityvulnerability.io/vulnerability/CVE-2024-20149,Input Validation Flaw in Modem Software from MediaTek,"An input validation flaw in MediaTek's Modem software allows for the potential occurrence of a system crash. This vulnerability can be exploited remotely, resulting in a denial of service without requiring any privileges or user interaction. The issue has been identified in the modem software with specific patch IDs including MOLY01231341, MOLY01263331, and MOLY01233835, highlighting the importance of timely updates to mitigate risks.",MediaTek,"Mt2735, Mt2737, Mt6767, Mt6768, Mt6769, Mt6769k, Mt6769s, Mt6769t, Mt6769z, Mt6779, Mt6781, Mt6783, Mt6785, Mt6785t, Mt6785u, Mt6789, Mt6833p, Mt6835, Mt6835t, Mt6853, Mt6853t, Mt6855, Mt6855t, Mt6873, Mt6875, Mt6875t, Mt6877, Mt6877t, Mt6877tt, Mt6878, Mt6878m, Mt6879, Mt6880, Mt6880t, Mt6880u, Mt6883, Mt6885, Mt6886, Mt6889, Mt6890, Mt6891, Mt6893, Mt6895, Mt6895tt, Mt6896, Mt6897, Mt6899, Mt6980, Mt6980d, Mt6983t, Mt6985, Mt6985t, Mt6989, Mt6989t, Mt6990, Mt6991, Mt8666, Mt8673, Mt8675, Mt8676, Mt8678, Mt8765, Mt8766, Mt8768, Mt8771, Mt8781, Mt8786, Mt8788, Mt8788e, Mt8789, Mt8791t, Mt8795t, Mt8797, Mt8798, Mt8863",7.5,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-06T03:17:54.848Z,0
CVE-2024-20105,https://securityvulnerability.io/vulnerability/CVE-2024-20105,Out of Bounds Write Vulnerability in m4u by MediaTek,"The vulnerability in m4u presented by MediaTek arises from an out of bounds write caused by a lack of appropriate bounds checking. This security flaw poses significant risks as it allows a malicious actor, who has already gained system privileges, to exploit the vulnerability without the need for user interaction. This type of attack may lead to local escalation of privileges, potentially compromising the integrity and security of the affected systems. MediaTek has acknowledged the issue and encourages users to apply the necessary patches to safeguard against these risks.",MediaTek,"Mt6580, Mt6739, Mt6761, Mt6765, Mt6768, Mt6779, Mt6781, Mt6785, Mt6789, Mt6833, Mt6853, Mt6855, Mt6873, Mt6877, Mt6879, Mt6883, Mt6885, Mt6889, Mt6893, Mt6895, Mt6983, Mt8666, Mt8667, Mt8673, Mt8768",6.7,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-06T03:17:53.258Z,0
CVE-2024-20148,https://securityvulnerability.io/vulnerability/CVE-2024-20148,Out of Bounds Write Vulnerability in Mediatek WLAN STA Firmware,"A vulnerability in Mediatek's WLAN STA firmware allows for a possible out of bounds write due to improper input validation. This flaw enables remote code execution without requiring any user interaction or additional privileges. Implementing the latest patches (Patch ID: WCNCR00389045 / ALPS09136494) is essential to safeguard affected systems from exploitation. For more information, visit the Mediatek product security bulletin.",MediaTek,"Mt3603, Mt6835, Mt6878, Mt6886, Mt6897, Mt7902, Mt7920, Mt7922, Mt8518s, Mt8532, Mt8766, Mt8768, Mt8775, Mt8796, Mt8798",9.8,CRITICAL,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-06T03:17:51.547Z,0
CVE-2024-20146,https://securityvulnerability.io/vulnerability/CVE-2024-20146,Out of Bounds Write Vulnerability in Mediatek WLAN Driver,"A vulnerability has been identified in the Mediatek WLAN STA driver, allowing for a potential out of bounds write due to improper input validation. This flaw could enable attackers to execute arbitrary code remotely, without requiring any additional execution privileges or user interactions. If exploited, this could severely compromise the security of affected systems. Immediate action is recommended to mitigate the risks associated with this type of vulnerability.",MediaTek,"Mt2737, Mt3603, Mt6835, Mt6878, Mt6886, Mt6897, Mt6990, Mt7902, Mt7920, Mt7922, Mt8365, Mt8518s, Mt8532, Mt8666, Mt8667, Mt8673, Mt8755, Mt8766, Mt8768, Mt8775, Mt8781, Mt8786, Mt8788, Mt8796, Mt8798, Mt8893",8.1,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-06T03:17:49.872Z,0
CVE-2024-20145,https://securityvulnerability.io/vulnerability/CVE-2024-20145,Out of Bounds Write Vulnerability in MediaTek V6 DA Products,"A potential out of bounds write vulnerability exists in MediaTek's V6 DA due to an inadequate bounds check. This flaw may allow a local attacker who has physical access to the device to escalate privileges without needing any additional execution permissions. Successful exploitation requires user interaction, making it essential for users to be vigilant about device security. For mitigation, it is recommended to apply the available patches and updates. For more details, refer to the official security bulletin.",MediaTek,"Mt2737, Mt6781, Mt6789, Mt6835, Mt6855, Mt6878, Mt6879, Mt6880, Mt6886, Mt6890, Mt6895, Mt6897, Mt6980, Mt6983, Mt6985, Mt6989, Mt6990, Mt8676",6.6,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-06T03:17:48.166Z,0
CVE-2024-20144,https://securityvulnerability.io/vulnerability/CVE-2024-20144,Out of Bounds Write Vulnerability in V6 DA by MediaTek,"The V6 DA product by MediaTek contains a vulnerability that allows for an out of bounds write due to a missing bounds check. This vulnerability requires physical access to the device for exploitation, as it necessitates user interaction. It poses a risk of local escalation of privilege, enabling attackers without additional execution privileges to potentially manipulate device operations. This issue has been identified with Patch ID ALPS09167056 and Issue ID MSV-2041.",MediaTek,"Mt2737, Mt6739, Mt6761, Mt6765, Mt6768, Mt6771, Mt6779, Mt6781, Mt6785, Mt6789, Mt6833, Mt6835, Mt6853, Mt6855, Mt6873, Mt6877, Mt6878, Mt6879, Mt6880, Mt6885, Mt6886, Mt6890, Mt6893, Mt6895, Mt6897, Mt6980, Mt6985, Mt6989, Mt6990, Mt8370, Mt8390, Mt8676",6.6,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-06T03:17:46.455Z,0
CVE-2024-20143,https://securityvulnerability.io/vulnerability/CVE-2024-20143,Out of Bounds Write Vulnerability in V6 DA by MediaTek,"In V6 DA by MediaTek, a vulnerability exists due to a lack of proper bounds checking, which can lead to an out of bounds write condition. This oversight may allow an attacker with physical access to the device to escalate privileges locally. The exploitation requires user interaction, adding a layer of complexity to the attack. To mitigate this issue, the user needs to apply the latest patch (Patch ID: ALPS09167056; Issue ID: MSV-2069) as advised by MediaTek.",MediaTek,"Mt2737, Mt6781, Mt6789, Mt6835, Mt6855, Mt6878, Mt6879, Mt6880, Mt6886, Mt6890, Mt6895, Mt6897, Mt6980, Mt6983, Mt6985, Mt6989, Mt6990, Mt8370, Mt8390, Mt8676",6.6,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-06T03:17:44.887Z,0
CVE-2024-20140,https://securityvulnerability.io/vulnerability/CVE-2024-20140,Out of Bounds Write Vulnerability in MediaTek Power Products,"The vulnerability arises from a missing bounds check in MediaTek's power management systems, enabling a potential out of bounds write scenario. If exploited, a malicious actor who has already acquired system privileges could escalate their access without needing user interaction. This flaw emphasizes the importance of immediate patching to mitigate unauthorized access risks.",MediaTek,"Mt6739, Mt6761, Mt6768, Mt6781, Mt6833, Mt6853, Mt6877, Mt6885, Mt6893, Mt8518s, Mt8532",6.7,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-06T03:17:43.276Z,0
CVE-2024-20154,https://securityvulnerability.io/vulnerability/CVE-2024-20154,Out of Bounds Write Vulnerability in MediaTek Modem,"A vulnerability has been identified in MediaTek Modem due to a missing bounds check, resulting in a possible out of bounds write. This flaw allows for remote code execution if an unwitting user connects to a malicious base station operated by an attacker. No local execution privileges or user interaction are required for exploitation, making this a serious risk for affected products. Users are strongly encouraged to apply the necessary patches provided by the vendor to mitigate this issue.",MediaTek,"Mt2735, Mt6767, Mt6768, Mt6769, Mt6769k, Mt6769s, Mt6769t, Mt6769z, Mt6779, Mt6781, Mt6783, Mt6785, Mt6785t, Mt6785u, Mt6789, Mt6833p, Mt6853, Mt6853t, Mt6855, Mt6855t, Mt6873, Mt6875, Mt6875t, Mt6877, Mt6877t, Mt6877tt, Mt6880, Mt6880t, Mt6880u, Mt6883, Mt6885, Mt6889, Mt6890, Mt6891, Mt6893, Mt8666, Mt8673, Mt8675, Mt8765, Mt8766, Mt8768, Mt8771, Mt8781, Mt8786, Mt8788, Mt8788e, Mt8789, Mt8791t, Mt8795t, Mt8797, Mt8798",8.1,HIGH,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-06T03:17:41.540Z,386
CVE-2024-56685,https://securityvulnerability.io/vulnerability/CVE-2024-56685,Sound Card Driver Vulnerability in Mediatek Devices,"A significant vulnerability affecting sound card drivers in Mediatek's platforms may lead to kernel panic when probing devices due to improper handling of dummy codecs. In specific instances involving mt8188 and mt8195 drivers, attempts to access codec fields when no valid codec is available can result in null pointer dereference, thereby compromising system stability. The root cause lies in the initialization of dummy component arrays which may be left uninitialized at probe time. Affected drivers must ensure that the number of codecs is verified before dereferencing any codec information to prevent undefined behavior during initialization.",Mediatek,,,,0.00044999999227002263,false,false,false,false,false,false,false,2024-12-28T10:15:00.000Z,0
CVE-2024-56684,https://securityvulnerability.io/vulnerability/CVE-2024-56684,Improper Handling of Clock Data in Linux Kernel by MediaTek,"This vulnerability pertains to the Linux kernel's mailbox subsystem, specifically within the MediaTek implementation. It arises from an incorrect usage of the 'sizeof' operator in the cmdq_get_clocks() function, where the size of the clk_bulk_data structure should be calculated instead of the data pointer passed to the devm_kcalloc() function. This miscalculation can potentially result in memory corruption or improper memory allocation. Addressing this issue is critical to maintain the integrity and security of affected MediaTek products.",MediaTek,,,,0.00044999999227002263,false,false,false,false,false,false,false,2024-12-28T10:15:00.000Z,0
CVE-2024-20139,https://securityvulnerability.io/vulnerability/CVE-2024-20139,Possible Firmware Vulnerability in Bluetooth Firmware Could Lead to Local Denial of Service,"In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600.",MediaTek,"Mt2737, Mt3605, Mt6985, Mt6989, Mt6990, Mt7925, Mt7927, Mt8518s, Mt8532, Mt8678",,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-02T03:07:17.028Z,0
CVE-2024-20138,https://securityvulnerability.io/vulnerability/CVE-2024-20138,Possible Out of Bound Read Vulnerability in WLAN Driver Could Lead to Remote Information Disclosure,"In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604.",MediaTek,"Mt3605, Mt6985, Mt6989, Mt6990, Mt7925, Mt7927, Mt8195, Mt8370, Mt8390",,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-02T03:07:15.445Z,0
CVE-2024-20116,https://securityvulnerability.io/vulnerability/CVE-2024-20116,Possible Out of Bounds Read Vulnerability in cmdq Could Lead to Local Information Disclosure,"A notable vulnerability exists in MediaTek's cmdq component, identified as an out of bounds read due to an insufficient bounds check. This flaw can potentially allow for the disclosure of local information, requiring system execution privileges for exploitation. Importantly, this vulnerability does not necessitate any user interaction, making it a particularly concerning issue for affected systems. Remediation efforts and patches are advised to mitigate the risk posed by this vulnerability.",MediaTek,"Mt6765, Mt6768, Mt6779, Mt6781, Mt6785, Mt6789, Mt8765, Mt8766, Mt8768, Mt8771, Mt8781, Mt8786, Mt8788, Mt8789, Mt8791t, Mt8795t, Mt8797, Mt8798",,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-02T03:07:13.501Z,0
CVE-2024-20137,https://securityvulnerability.io/vulnerability/CVE-2024-20137,Possible Client Disconnection due to Improper Handling of Exceptional Conditions,"In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727.",MediaTek,"Mt6890, Mt7622, Mt7915, Mt7916, Mt7981, Mt7986",,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-02T03:07:11.803Z,0
CVE-2024-20136,https://securityvulnerability.io/vulnerability/CVE-2024-20136,Possible Out-of-Bounds Read Vulnerability in Unknown Context,"In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821.",MediaTek,"Mt2737, Mt6781, Mt6789, Mt6855, Mt6878, Mt6879, Mt6880, Mt6886, Mt6890, Mt6895, Mt6897, Mt6980, Mt6983, Mt6985, Mt6989, Mt6990, Mt8195, Mt8370, Mt8390, Mt8673, Mt8676, Mt8678, Mt8755, Mt8775, Mt8781, Mt8795t, Mt8796, Mt8798, Mt8893",,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-02T03:07:09.915Z,0
CVE-2024-20135,https://securityvulnerability.io/vulnerability/CVE-2024-20135,Possible Out of Bounds Write in SoundTrigger Leads to Local Escalation of Privilege,"In soundtrigger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09142526; Issue ID: MSV-1841.",MediaTek,"Mt6768, Mt6781, Mt6833, Mt6853, Mt6877, Mt6878, Mt6893, Mt6897, Mt6989, Mt8775, Mt8796, Mt9687",,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-02T03:07:08.255Z,0
CVE-2024-20134,https://securityvulnerability.io/vulnerability/CVE-2024-20134,Possible Out-of-Bounds Write Leads to Local Escalation of Privilege,"In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09154589; Issue ID: MSV-1866.",MediaTek,"Mt6835, Mt6878, Mt6879, Mt6895, Mt6896, Mt6897, Mt6983, Mt6985, Mt6989, Mt8755, Mt8775, Mt8796, Mt8798",,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-02T03:07:06.661Z,0
CVE-2024-20133,https://securityvulnerability.io/vulnerability/CVE-2024-20133,Possible Escalation of Privilege in Modem Due to Incorrect Bounds Check,"In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1871.",MediaTek,"Mt6879, Mt6886, Mt6895, Mt6895t, Mt6896, Mt6980, Mt6983, Mt8673, Mt8676, Mt8795t, Mt8798",,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-02T03:07:05.067Z,0
CVE-2024-20132,https://securityvulnerability.io/vulnerability/CVE-2024-20132,Potential Local Escalation of Privilege Vulnerability in Modem,"In Modem, there is a possible out of bonds write due to a mission bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00957388; Issue ID: MSV-1872.",MediaTek,"Mt2737, Mt6298, Mt6879, Mt6886, Mt6895, Mt6895t, Mt6896, Mt6980, Mt6980d, Mt6983, Mt6985, Mt6989, Mt6990, Mt8673, Mt8676, Mt8795t, Mt8798",,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-02T03:07:03.438Z,0
CVE-2024-20131,https://securityvulnerability.io/vulnerability/CVE-2024-20131,Possible Escalation of Privilege Vulnerability in Modem,"In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1873.",MediaTek,"Mt2737, Mt2739, Mt6789, Mt6813, Mt6815, Mt6835, Mt6835t, Mt6855, Mt6878, Mt6878t, Mt6879, Mt6886, Mt6895, Mt6895t, Mt6896, Mt6897, Mt6899, Mt6980, Mt6980d, Mt6983, Mt6985, Mt6986, Mt6986d, Mt6988, Mt6989, Mt6990, Mt6991, Mt8673, Mt8676, Mt8795t, Mt8798",,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-02T03:07:01.838Z,0