Cyber Resilience

CVE-2024-20154

High

Published: 06 January 2025

Published
06 January 2025
Modified
17 February 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.3327 97.0th percentile
Risk Priority 38 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-20154 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Mediatek Lr12A. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 3.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

In Modem software used in MediaTek chipsets, a missing bounds check enables an out-of-bounds write, tracked as CWE-121 and CWE-787. The flaw affects devices that implement the modem stack and carries a CVSS 3.1 score of 8.8.

An attacker operating a rogue base station can trigger the vulnerability once a user equipment device attaches to that station. Successful exploitation yields remote code execution on the modem without requiring user interaction or additional privileges.

MediaTek’s January 2025 security bulletin lists the issue under Issue ID MSV-2392 and supplies the corresponding patch MOLY00720348 for affected modem firmware versions.

EPSS for the CVE rose from lower values to a peak of 0.5734 on 2026-02-14 before receding to the current 0.3327, indicating a period of increased exploitation interest after disclosure.

EU & UK References

Vulnerability details

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional…

more

execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Out-of-bounds write in modem firmware directly enables client-side remote code execution when UE connects to attacker-controlled base station (adjacent network).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-20434Same product: Mediatek Lr12A
CVE-2025-20727Same product: Mediatek Lr12A
CVE-2024-20150Same product: Mediatek Lr12A
CVE-2024-20149Same product: Mediatek Lr13
CVE-2025-20708Same product: Mediatek Mt2735
CVE-2026-20432Same product: Mediatek Mt2735
CVE-2026-20455Same product: Mediatek Mt6768
CVE-2026-20433Same product: Mediatek Mt2735
CVE-2026-20401Same product: Mediatek Mt2735
CVE-2025-20634Same product: Mediatek Mt8673

Affected Assets

mediatek
lr12a
all versions
mediatek
lr13
all versions
mediatek
nr16.r1.mp
all versions
mediatek
nr16.r1.mp1mp2.mp
all versions
mediatek
nr16.r2.mp
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the missing bounds check by enforcing validation of information inputs from base stations to prevent out-of-bounds writes.

prevent

Requires timely remediation of the specific flaw via Patch ID MOLY00720348 to eliminate the vulnerability in MediaTek Modem firmware.

prevent

Implements memory safeguards to protect against unauthorized code execution resulting from the out-of-bounds write exploitation.

References