Critical Zero-Click Vulnerability (CVE-2024-20017) in MediaTek Wi-Fi Chipsets Poses Threat to Routers and Smartphones

SonicWall researchers warn of CVE-2024-20017, a critical zero-click vulnerability in MediaTek Wi-Fi chipsets that enables remote code execution without user interaction. Patches are available and users should update firmware immediately; exploitation risk rises as a public PoC becomes accessible. #CVE-2024-20017 #MediaTek #MT7622 #MT7915 #OpenWrt #Ubiquiti #Xiaomi #Netgear

Keypoints

  • Vulnerability ID: CVE-2024-20017
  • CVSS Score: 9.8 (Critical)
  • Affected Devices: MediaTek Wi-Fi chipsets MT7622/MT7915 and RTxxxx SoftAP driver bundles
  • Impact: Remote code execution without user interaction
  • Exploitation Method: Buffer overflow via attacker-controlled packet data
  • Mitigation: MediaTek has released patches; users should update immediately
  • Public PoC Availability: Recently made available, increasing exploitation risk
  • SonicWall Protections: IPS signatures released for detection

MITRE Techniques

  • [T1203] Exploitation for Client Execution – The vulnerability is exploited to execute arbitrary code via attacker-controlled packet length. Quote: ‘The vulnerability is a buffer overflow as a result of a length value taken directly from attacker-controlled packet data without bounds checking and placed into a memory copy.’
  • [T1059] Command and Scripting Interpreter – Exploitation uses command-line interfaces to maintain access. Quote: ‘This method leverages the `system()` call to execute commands, such as sending a reverse shell back to the attacker.’
  • [T1068] Privilege Escalation – Exploiting vulnerabilities to gain higher privileges. Quote: ‘Exploiting vulnerabilities to gain higher privileges.’
  • [T1218] Defense Evasion – Using legitimate tools to bypass defenses. Quote: ‘Using legitimate tools to bypass defenses.’
  • [T1071] Command and Control – Using application layer protocols for command and control. Quote: ‘Using application layer protocols for command and control.’
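
The bug class quoted under T1203, shown as an added C example (not MediaTek's or SonicWall's code): a sender-supplied length used directly in a memory copy, next to a version that validates it first. The message layout, constants and function names are hypothetical and chosen only for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN   4    /* hypothetical header: 2-byte type, 2-byte length */
#define FIELD_CAP 64   /* hypothetical fixed-size destination buffer */

struct parsed_msg {
    uint16_t type;
    uint8_t  field[FIELD_CAP];
    size_t   field_len;
};

/* Read the 16-bit little-endian length the sender placed in the header. */
static uint16_t claimed_len(const uint8_t *pkt) {
    return (uint16_t)(pkt[2] | (pkt[3] << 8));
}

/* Flawed pattern from the quote: the sender's length drives memcpy directly. */
int parse_unchecked(const uint8_t *pkt, size_t pkt_len, struct parsed_msg *out) {
    (void)pkt_len;                          /* received size is never consulted */
    out->type = (uint16_t)(pkt[0] | (pkt[1] << 8));
    out->field_len = claimed_len(pkt);
    memcpy(out->field, pkt + HDR_LEN, out->field_len);   /* no bounds check */
    return 0;
}

/* Hardened form: check the length against both buffers before copying. */
int parse_checked(const uint8_t *pkt, size_t pkt_len, struct parsed_msg *out) {
    if (pkt == NULL || out == NULL || pkt_len < HDR_LEN)
        return -1;                          /* truncated header */
    size_t len = claimed_len(pkt);
    if (len > FIELD_CAP)
        return -2;                          /* would overflow the destination */
    if (len > pkt_len - HDR_LEN)
        return -3;                          /* would read past the packet */
    out->type = (uint16_t)(pkt[0] | (pkt[1] << 8));
    memcpy(out->field, pkt + HDR_LEN, len);
    out->field_len = len;
    return 0;
}

int main(void) {
    /* Constructed packet: header claims 255 bytes, only 4 follow. */
    const uint8_t pkt[] = {0x01, 0x00, 0xFF, 0x00, 1, 2, 3, 4};
    struct parsed_msg m;
    return parse_checked(pkt, sizeof pkt, &m) == -2 ? 0 : 1;
}
```

The checked parser rejects a length that exceeds either the destination capacity or the bytes actually received, which is the validation the quoted description says was missing.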

Indicators of Compromise

  • [Domain] Context – corp.mediatek.com, github.com
  • [CVE] Vulnerability IDs – CVE-2024-20017
  • [IPS Signature] Detection signatures – 20322, 20323

Read more: https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/