CVE-2024-20150
Published: 06 January 2025
Summary
CVE-2024-20150 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Mediatek Lr12A. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 8.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
In Modem components from MediaTek, a logic error can trigger a system crash, resulting in remote denial of service. The flaw is tracked as CVE-2024-20150 with a CVSS score of 7.5 and is associated with CWE-502; it requires no user interaction or elevated privileges for exploitation and is addressed via patch ID MOLY01412526.
An unauthenticated remote attacker can send crafted input over the network to induce the crash, disrupting service availability on affected devices without gaining code execution or accessing sensitive data.
The MediaTek January 2025 security bulletin lists the corresponding Issue ID MSV-2018 and directs vendors to apply the referenced patch for remediation.
EPSS scores remain low, with a current value of 0.0736 and a peak of 0.0934, indicating limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-17865
Vulnerability details
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01412526; Issue ID: MSV-2018.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated network exploitation of the modem logic error directly enables application/system crash for availability impact, matching T1499.004 (Application or System Exploitation) under Endpoint Denial of Service.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely remediation of known flaws like this modem logic error via patches such as MOLY01412526 to prevent remote DoS exploitation.
Implements protections specifically against denial-of-service attacks that cause system crashes from remote network access to the vulnerable modem component.
Validates untrusted network inputs to the modem to block malformed data triggering the deserialization-related logic error (CWE-502).