Cyber Resilience

CVE-2024-20094

High

Published: 07 October 2024

Modified: 25 April 2025
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0641 (91.2th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-20094 is a high-severity Reachable Assertion (CWE-617) vulnerability in MediaTek NR15. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 8.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

In Modem software, a missing bounds check can trigger a system crash, as described under CVE-2024-20094. The flaw is tracked with Patch ID MOLY00843282 and Issue ID MSV-1535, carries a CVSS 3.1 base score of 7.5, and is associated with CWE-617. It affects MediaTek modem implementations and was disclosed on 7 October 2024.

An unauthenticated network attacker can send crafted input to the modem over the network, causing a denial-of-service condition that crashes the system. No additional execution privileges or user interaction are required for successful exploitation.

MediaTek’s October 2024 product security bulletin lists the issue and directs customers to apply the referenced patch for remediation. The EPSS score remains flat at 0.0641 with no material increase after disclosure.

Vulnerability details

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

mediatek nr15: all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
