Cyber Resilience

CVE-2024-20148

Critical

Published: 06 January 2025

Published
06 January 2025
Modified
22 April 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0010 27.6th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-20148 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Linuxfoundation Yocto. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 27.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2024-20148 is an out-of-bounds write vulnerability in the WLAN Station (STA) firmware due to improper input validation, tracked under CWE-787. It affects the WLAN STA firmware component, as detailed in MediaTek's product security bulletin. The issue carries a CVSS v3.1 base score of 9.8 (Critical), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high confidentiality, integrity, and availability impacts.

The vulnerability enables remote proximal or adjacent code execution without requiring additional privileges or user interaction. Attackers in network proximity can exploit it over the air via crafted wireless packets, potentially compromising the affected device at the firmware level.

MediaTek's January 2025 product security bulletin provides mitigation details, including Patch ID WCNCR00389045 and ALPS09136494, associated with Issue ID MSV-1796. Security practitioners should apply these patches to vulnerable WLAN STA firmware implementations.

EU & UK References

Vulnerability details

In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:…

more

WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

Out-of-bounds write in WLAN STA firmware directly enables remote code execution via crafted wireless packets (adjacent network, no auth/UI required), mapping to exploitation of remote services for initial device compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-20146Same product: Google Android
CVE-2024-43096Same product: Google Android
CVE-2024-49748Same product: Google Android
CVE-2025-20633Same product: Mediatek Software Development Kit
CVE-2025-20645Same product: Google Android
CVE-2025-20778Same product: Google Android
CVE-2025-20795Same product: Google Android
CVE-2026-20409Same product: Google Android
CVE-2025-20798Same product: Google Android
CVE-2026-20412Same product: Google Android

Affected Assets

linuxfoundation
yocto
3.3, 4.0, 5.0
mediatek
software development kit
≤ 2.4
google
android
13.0, 14.0, 15.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates validation of information inputs to the system, addressing the improper input validation that enables the out-of-bounds write in WLAN STA firmware from crafted wireless packets.

prevent

Implements memory protection mechanisms such as bounds checking that directly mitigate out-of-bounds write vulnerabilities in firmware.

prevent

Requires timely flaw remediation including application of vendor patches like WCNCR00389045 to correct the specific vulnerability in WLAN STA firmware.

References