Major vulnerability found in MediaTek chipsets could affect smartphones
MediaTek chipsets reportedly contain a critical vulnerability that could allow attackers to carry out remote code execution (RCE) attacks. According to a cybersecurity firm, several chips have the vulnerability, which has a major impact on devices such as routers and smartphones. Notably, the vulnerability was reported in March, but a proof-of-concept was recently published on GitHub highlighting its potential for exploitation. The company has rated it as a critical zero-click vulnerability with a CVSS 3.0 score of 9.8.
In a blog post, SonicWall Capture Labs’ threat research team has detailed the new vulnerability. The flaw has been designated CVE-2024-20017 and is described as a critical zero-click vulnerability. Simply put, this type of security flaw allows attackers to remotely exploit a system without any action or interaction required from the victim. This means that the attacker does not have to lure the user into clicking a link or opening a file, as in a traditional phishing attack.
The researchers gave the vulnerability a score of 9.8, highlighting its critical nature. The issue was specifically noticed in two MediaTek Wi-Fi chipsets, MT7622 and MT7915, as well as the RTxxxx series SoftAP driver bundles. These chipsets are commonly used by manufacturers such as Xiaomi, Ubiquiti, and Netgear in smartphones and routers. According to the cybersecurity firm, the vulnerability affects MediaTek SDK versions 7.4.0.1 and earlier, and OpenWrt versions 19.07 and 21.02.
In terms of exploitation, this vulnerability opens up the possibility of remote code execution. According to the researchers, attackers can use a “table overwrite technique via a return-oriented programming (ROP) chain” to collect sensitive information from the device without requiring user intervention.
One of the reasons the vulnerability is being highlighted now rather than in March, when it was first discovered, is that a proof-of-concept for the vulnerability was presented in a GitHub post, demonstrating that an attack using CVE-2024-20017 is possible.
The researchers contacted MediaTek, and the chipmaker has released patches to fix the vulnerability. Users of affected devices are advised to update their firmware as soon as possible.