September 20th, 2024

Critical Exploit in MediaTek Wi-Fi Chipsets: Zero-Click Vulnerability

A critical zero-click vulnerability, CVE-2024-20017, in MediaTek Wi-Fi chipsets allows remote code execution. Users are urged to update firmware due to increased exploitation risk from public proof-of-concept code.


A critical zero-click vulnerability, identified as CVE-2024-20017, has been discovered in MediaTek Wi-Fi chipsets, affecting various devices including routers and smartphones. This vulnerability, which has a CVSS score of 9.8, allows remote code execution without user interaction due to an out-of-bounds write issue in the wappd network daemon. The affected chipsets include MediaTek MT7622/MT7915 and RTxxxx SoftAP driver bundles, with vulnerable SDK versions being 7.4.0.1 and earlier, as well as OpenWrt versions 19.07 and 21.02. Although patches were released in March 2024, the recent availability of public proof-of-concept (PoC) code has heightened the risk of exploitation. Attackers can exploit this vulnerability by sending specially crafted packets that trigger a buffer overflow, leading to remote code execution. SonicWall has released specific intrusion prevention signatures to protect users from potential exploitation. Users are strongly advised to update their firmware to the latest versions to mitigate the risk associated with this vulnerability.

- CVE-2024-20017 is a critical zero-click vulnerability in MediaTek Wi-Fi chipsets.

- It affects a wide range of devices, including those from Ubiquiti, Xiaomi, and Netgear.

- The vulnerability allows remote code execution without user interaction.

- SonicWall has issued protective measures and users are urged to update their firmware.

- The risk of exploitation has increased due to the release of public proof-of-concept code.
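The summary names the vulnerable component (the SDK's wappd daemon), the affected OpenWrt release lines, and the mainline mt76 driver as the alternative. The following triage script is an added example, not code from the article or from SonicWall; it collects exactly that evidence on a Linux/OpenWrt-style device so an owner can see whether the vendor daemon is present, which Wi-Fi driver is bound, and which release is installed. The sysfs and /etc/openwrt_release paths are real Linux/OpenWrt conventions; the driver-name patterns and the "check manually" bucket are assumptions, and a result is a triage hint, not a vulnerability verdict.

```shell
#!/bin/sh
# Added triage helper for CVE-2024-20017 (not from the article or vendor).
# Gathers the three facts the thread argues about: is the SDK's wappd
# daemon present, which Wi-Fi driver is bound, and which OpenWrt release
# is installed. Driver-name patterns below are assumptions for triage.

# Classify a bound kernel driver name. Mainline mt76 drivers are named
# after the chip (mt7615e, mt7915e, mt76x2e, ...); anything else needs a
# manual look, since the vendor SDK ships its own module names.
classify_driver() {
  case "$1" in
    mt76x*|mt7[0-9]*e|mt7622-wmac) echo "mainline-mt76" ;;
    *) echo "other" ;;
  esac
}

# Does an OpenWrt DISTRIB_RELEASE value fall in a release line the
# article lists as affected (19.07 or 21.02)? Prints listed/not-listed.
openwrt_release_listed() {
  case "$1" in
    19.07*|21.02*) echo "listed" ;;
    *) echo "not-listed" ;;
  esac
}

# Is a wappd binary or running process present? This is the deciding
# check: the bug is in the daemon, not in mt76. Prints present/absent.
wappd_present() {
  if command -v wappd >/dev/null 2>&1 || [ -x /usr/bin/wappd ] \
     || ps 2>/dev/null | grep -q '[w]appd'; then
    echo "present"
  else
    echo "absent"
  fi
}

# Walk the local system and print one line per finding.
report() {
  echo "wappd: $(wappd_present)"
  if [ -r /etc/openwrt_release ]; then
    rel=$(. /etc/openwrt_release; echo "$DISTRIB_RELEASE")
    echo "openwrt: $rel ($(openwrt_release_listed "$rel"))"
  fi
  for d in /sys/class/net/*/device/driver; do
    [ -L "$d" ] || continue            # skip interfaces with no device
    drv=$(basename "$(readlink "$d")")
    iface=$(basename "$(dirname "$(dirname "$d")")")
    echo "$iface: driver $drv ($(classify_driver "$drv"))"
  done
}

report
```

Run it on the device itself (the sysfs entries are not visible from a host); a "present" wappd on a 19.07/21.02 build is the case the article's advice to update applies to.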

AI: What people are saying
The comments on the MediaTek vulnerability highlight several key concerns and discussions among users.
  • Users express frustration over misleading headlines and the need for clearer information regarding the vulnerability's specifics.
  • There is a discussion about the quality of MediaTek's SDK and its comparison to alternative drivers like mt76.
  • Concerns are raised about the naming conventions of MediaTek devices and the difficulty in determining which devices are affected.
  • Some commenters share personal experiences with MediaTek products, expressing dissatisfaction with their performance.
  • There are calls for greater transparency and open-source practices from vendors to improve security and community trust.
16 comments
By @Namidairo - 4 months
Not too surprising given what I've seen of their vendor SDK driver source code, compared to mt76. (Messy would be a kind assessment.)

Unfortunately, there are also some running aftermarket firmware builds with the vendor driver, due to it having an edge in throughput over mt76.

Mediatek and their WiSoC division luckily have a few engineers that are enthusiastic about engaging with the FOSS community, while also maintaining their own little OpenWrt fork running mt76.[1]

[1] https://git01.mediatek.com/plugins/gitiles/openwrt/feeds/mtk...

By @qhwudbebd - 4 months
The wording of the headline is a bit misleading here. I followed the link thinking it might be a firmware or silicon bug as I have a couple of routers at home with mt76 wifi, but was relieved to find it's just a bug in the vendor's 'sdk' shovelware. I'm baffled that anyone even thought about using that, given there's such good mt76 support from mainline kernels with hostapd.
By @hunter-gatherer - 4 months
By @Retr0id - 4 months
Is there some logic to MediaTek's naming conventions, or are all their devices just MTxxxx where x is some incremented/random number?

I have a device with a mt6631 wifi chip and I'd assume it's unaffected just because it's not mentioned as affected anywhere, but it's hard to tell where it might fit into the lineup.

By @kam - 4 months
They say that OpenWrt 19.07 and 21.02 are affected, but as far as I can tell, official builds of OpenWrt only use the mt76 driver and not the Mediatek SDK.
By @RedShift1 - 4 months
I've been buying laptops with AMD CPUs, but they always come with these trash MediaTek RZ616 Wi-Fi cards. Why is that? I've been replacing them with Intel Wi-Fi cards; now I have a pile of RZ616 cards ready to become future microplastics :-(
By @usr1106 - 4 months
IIRC my phone uses a MediaTek chipset. And I vaguely remember the vendor has moved away from MediaTek since because of the ahem quality of those products...

No idea how WiFi is done on a phone though. Is there a way to find out whether the phone is affected? I hardly ever use WiFi because I have unlimited cellular data and good coverage, but would still be good to know.

By @1oooqooq - 4 months
I still cannot fathom why, in this day and age where people buy any silicon that's available, these C-tier vendors don't adopt the PC strategy and completely open their firmware to the open source community.
By @eqvinox - 4 months
> The affected versions include MediaTek SDK versions 7.4.0.1 and earlier, as well as OpenWrt 19.07 and 21.02.

> The vulnerability resides in wappd, a network daemon included in the MediaTek MT7622/MT7915 SDK and RTxxxx SoftAP driver bundle.

OpenWRT doesn't seem to use wappd though?

By @anthk - 4 months
That's why we need free firmware. I'm tired of Broadcom and Ralink.
By @shadowpho - 4 months
This exploit is hard to distinguish from a back door here.
By @justmarc - 4 months
Welcome back to the 90s.
By @mmsc - 4 months
Can the OP's link be changed to the original source, not the advertisement it currently links to? The exploit is documented https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-20...
By @xtanx - 4 months
I would like to remind people of the 2016 Adups backdoor:

> According to Kryptowire, Adups engineers would have been able to collect data such as SMS messages, call logs, contact lists, geo-location data, IMSI and IMEI identifiers, and would have been able to forcibly install other apps or execute root commands on all devices.

https://www.bleepingcomputer.com/news/security/android-adups...