
Researchers have discovered a zero-click vulnerability in MediaTek chipsets that could affect routers and smartphones

MediaTek chipsets are reported to contain a critical vulnerability that could make it easier for attackers to carry out remote code execution (RCE) attacks. According to a cybersecurity firm, the vulnerability is present in some chips and largely affects devices such as routers and smartphones. Notably, the vulnerability was reported in March, but a proof-of-concept was recently published on GitHub showing that it could be exploited. The firm rated it as a critical zero-click vulnerability with a CVSS 3.0 score of 9.8.

The SonicWall Capture Labs research team detailed the new vulnerability in a blog post. The flaw is tracked as CVE-2024-20017 and is described as a critical zero-click vulnerability. Simply put, this type of security flaw allows attackers to exploit a system remotely, without any action or interaction from the victim. This means the victim does not need to fall for any of the lures used in a traditional phishing attack.

Researchers gave the vulnerability a score of 9.8, emphasizing its critical nature. The problem was seen in particular in two MediaTek Wi-Fi chipsets, the MT7622 and MT7915, as well as in the RTxxxx series of SoftAP driver packages. These chipsets are commonly used by manufacturers such as Xiaomi, Ubiquiti and Netgear for smartphones and routers. According to the cybersecurity firm, the vulnerability affects MediaTek SDK versions 7.4.0.1 and earlier, as well as OpenWrt versions 19.07 and 21.02.
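As an added example (not code from SonicWall, MediaTek or the original article), the affected ranges listed above can be turned into an inventory triage check. The record field names and the sample devices are assumptions constructed for illustration, and the RTxxxx SoftAP driver packages are not modelled.

```python
import re

# Ranges exactly as stated in the article; nothing else is assumed affected or safe.
AFFECTED_CHIPSETS = {"MT7622", "MT7915"}
SDK_LAST_AFFECTED = (7, 4, 0, 1)              # "7.4.0.1 and earlier"
OPENWRT_AFFECTED_SERIES = {(19, 7), (21, 2)}  # 19.07.x and 21.02.x

def parse_version(text):
    """Leading dotted number as a tuple of ints ('21.02-SNAPSHOT' -> (21, 2)), else None."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def sdk_affected(version):
    v = parse_version(version)
    if v is None:
        return None                               # unparsable: do not guess
    v += (0,) * (len(SDK_LAST_AFFECTED) - len(v))  # compare 7.4 as 7.4.0.0
    return v <= SDK_LAST_AFFECTED

def openwrt_affected(release):
    v = parse_version(release)
    return None if v is None or len(v) < 2 else v[:2] in OPENWRT_AFFECTED_SERIES

def triage(device):
    """Classify one inventory record (field names are assumptions of this example)."""
    if device.get("chipset", "").upper() not in AFFECTED_CHIPSETS:
        return "chipset-not-listed"
    checks = [fn(device[key]) for key, fn in
              (("sdk", sdk_affected), ("openwrt", openwrt_affected)) if key in device]
    if any(c is True for c in checks):
        return "affected"
    if not checks or any(c is None for c in checks):
        return "verify-manually"
    return "outside-stated-range"

# Constructed sample inventory (not real devices or real version numbers).
INVENTORY = [
    {"name": "ap-lobby", "chipset": "mt7915", "sdk": "7.4.0.1"},
    {"name": "ap-lab", "chipset": "MT7622", "sdk": "7.6.7.2"},
    {"name": "rtr-edge", "chipset": "MT7622", "openwrt": "21.02.3"},
    {"name": "rtr-branch", "chipset": "MT7622", "openwrt": "SNAPSHOT"},
    {"name": "ap-guest", "chipset": "OTHER-SOC", "sdk": "7.4.0.0"},
]

def report(inventory):
    return {d["name"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for name, verdict in report(INVENTORY).items():
        print(f"{name:12} {verdict}")
```

A "chipset-not-listed" or "outside-stated-range" verdict only means the record falls outside the ranges this article names; the vendor advisory remains the authority on what is patched.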

When exploited, this vulnerability could allow remote code execution. According to the researchers, attackers can use “the technique of overwriting a table via a return-oriented programming (ROP) chain to harvest sensitive information from a device without the need for the user.”

One of the reasons the vulnerability is being highlighted now, rather than in March when it was first discovered, is that a GitHub post demonstrated a proof-of-concept for the vulnerability, explaining that an attack using CVE-2024-20017 is possible.

Notably, the researchers reached out to MediaTek, and the chip maker released patches to address the security flaw. Users have also been asked to update the firmware as soon as possible.
