Date: 2024-09-21

In a recent development, researchers from SonicWall Capture Labs found a nearly max-critical zero-click vulnerability affecting MediaTek Wi-Fi chipsets and driver bundles in routers and smartphones from numerous manufacturers, including Ubiquiti, Xiaomi, and Netgear. This vulnerability (CVE-2024-20017) has a CVSS score of 9.8. Moreover, it can allow for remote code execution (RCE) without any user interaction, posing a serious risk of device takeover.

A public proof-of-concept (PoC) exploit makes matters worse, increasing the urgency for affected users to apply patches. The vulnerability impacts MediaTek SDK versions 7.4.0.1 and earlier, as well as OpenWrt versions 19.07 and 21.02. Affected users are advised to update to the latest MediaTek patches immediately.

MediaTek Wi-Fi Chipsets Hit by Near-Critical Zero-Click Flaw

This zero-click flaw is an out-of-bounds write issue located in the network daemon, wappd, which manages and configures wireless interfaces and access points. According to SonicWall’s research, wappd’s architecture includes complex interactions between its network service, local device services, and communication channels via Unix domain sockets. The flaw stems from a buffer overflow triggered by a length value directly taken from attacker-controlled packet data, which is then placed into a memory copy without bounds checking.
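The bug class described above, as an added example that is not SonicWall's, MediaTek's or wappd's code: a length-prefixed message parser in C with the unchecked copy beside a version that validates the declared length. The message layout, the struct and the function names are hypothetical and do not reflect wappd's real packet format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64 /* constructed capacity of the destination buffer */

/* Hypothetical layout (NOT wappd's real format):
 * byte 0 = type, byte 1 = declared payload length, bytes 2.. = payload. */
struct msg { uint8_t type; uint8_t len; uint8_t data[FIELD_MAX]; };

/* Unsafe pattern from the text: the length byte from the packet drives the
 * copy. A value above FIELD_MAX writes out of bounds. Shown for contrast
 * only; never called below. */
int parse_unchecked(const uint8_t *pkt, size_t pkt_len, struct msg *out) {
    (void)pkt_len;                      /* received size is ignored */
    out->type = pkt[0];
    out->len = pkt[1];
    memcpy(out->data, pkt + 2, pkt[1]); /* no bounds check */
    return 0;
}

/* Hardened form: the declared length must fit both the bytes actually
 * received and the destination buffer before anything is copied. */
int parse_checked(const uint8_t *pkt, size_t pkt_len, struct msg *out) {
    if (pkt == NULL || out == NULL || pkt_len < 2) return -1; /* no header */
    size_t declared = pkt[1];
    if (declared > pkt_len - 2) return -2;        /* claims more than sent */
    if (declared > sizeof out->data) return -3;   /* would overflow data[] */
    out->type = pkt[0];
    out->len = (uint8_t)declared;
    memcpy(out->data, pkt + 2, declared);
    return 0;
}

int main(void) {
    struct msg m;
    uint8_t ok[] = {1, 3, 'a', 'b', 'c'};   /* constructed: honest length */
    uint8_t big[2 + 200];                   /* constructed: length 200 > 64 */
    memset(big, 0x41, sizeof big);
    big[0] = 1; big[1] = 200;
    printf("ok:  %d\n", parse_checked(ok, sizeof ok, &m));
    printf("big: %d\n", parse_checked(big, sizeof big, &m));
    return 0;
}
```

The two rejection codes separate a length that exceeds the received bytes from one that exceeds the destination buffer, which is useful when logging malformed packets.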

The vulnerability can allow attackers to take full control of devices by exploiting a buffer overflow caused by unchecked packet data. Given the severity of this flaw, users must quickly apply the available MediaTek patches and protect their devices from potential exploitation. Staying proactive with updates is critical to minimizing the risk posed by this vulnerability.

