
Zero-Click Vulnerability in MediaTek Allows Attackers to Gain Control over Phones and Wi-Fi


A critical zero-click vulnerability affects MediaTek Wi-Fi chipsets and driver bundles used in routers and smartphones from various manufacturers, including Ubiquiti, Xiaomi, and Netgear. The vulnerability, tracked as CVE-2024-20017 with a CVSS score of 9.8, was brought to light by researchers at SonicWall Capture Labs, who found that exploitation could lead to remote code execution (RCE) without any user interaction, allowing attackers to take control of affected devices. A public proof-of-concept (PoC) exploit has also recently surfaced, which makes prompt remediation more urgent.

The impacted versions are MediaTek SDK 7.4.0.1 and earlier, as well as OpenWrt 19.07 and 21.02. Users of devices with these configurations are strongly advised to apply the patches provided by MediaTek as soon as possible.

The vulnerability is an out-of-bounds write in wappd, a network daemon responsible for configuring and managing wireless interfaces and access points. The SonicWall Capture Labs researchers described the wappd architecture as complex: it consists of the network service itself, local services that interact with the device's wireless interfaces, and communication channels between components over Unix domain sockets. The flaw is a buffer overflow: a length value is taken directly from attacker-controlled packet data and used in a memory copy without bounds checking.
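The bug class described above, shown as an added example that is not MediaTek's or wappd's code: a length field read from the packet is passed to `memcpy` unchecked, next to a version that validates it first. The wire format (`[type:1][len:2, little-endian][value]`), the buffer size and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical message layout, not wappd's real one:
 * [type:1][len:2 little-endian][value:len] */
#define HDR_LEN   3
#define VALUE_MAX 64

struct parsed_msg {
    uint8_t  type;
    uint16_t len;
    uint8_t  value[VALUE_MAX];
};

/* Vulnerable pattern: the claimed length goes straight into memcpy. */
int parse_unchecked(const uint8_t *pkt, size_t pkt_len, struct parsed_msg *out)
{
    if (pkt_len < HDR_LEN)
        return -1;
    out->type = pkt[0];
    out->len  = (uint16_t)(pkt[1] | (pkt[2] << 8));
    /* Writes past out->value whenever len > VALUE_MAX. */
    memcpy(out->value, pkt + HDR_LEN, out->len);
    return 0;
}

/* Hardened: check the claimed length against the destination buffer
 * and against the bytes actually received, then copy. */
int parse_checked(const uint8_t *pkt, size_t pkt_len, struct parsed_msg *out)
{
    uint16_t len;

    if (pkt == NULL || out == NULL || pkt_len < HDR_LEN)
        return -1;                      /* too short to hold a header */
    len = (uint16_t)(pkt[1] | (pkt[2] << 8));
    if (len > sizeof(out->value))
        return -2;                      /* would overflow the destination */
    if (len > pkt_len - HDR_LEN)
        return -3;                      /* would read past the packet */
    out->type = pkt[0];
    out->len  = len;
    memcpy(out->value, pkt + HDR_LEN, len);
    return 0;
}
```

Rejecting the message outright, rather than truncating the copy, keeps a malformed length from being processed any further.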

The availability of a public PoC exploit underscores the need for prompt action. Unpatched devices remain exposed to threat actors seeking to compromise network security and gain unauthorized access to sensitive information stored on them. Timely application of the patches and security updates provided by MediaTek is the way to protect against exploitation of this zero-click vulnerability in MediaTek Wi-Fi chipsets and driver bundles.
