Jump to content
  • Sign Up
×
×
  • Create New...

MediaTek Chipsets Zero-Click Vulnerability Detected by Researchers, Can Affect Routers and Smartphones

Pelican Press

By Pelican Press,
in World News

 Share

Recommended Posts

  • Diamond Member
Pelican Press Warlord

Pelican Press 0

Posted
  • Diamond Member
Posted

This is the hidden content, please

MediaTek Chipsets Zero-Click Vulnerability Detected by Researchers, Can Affect Routers and Smartphones

MediaTek chipsets are reportedly carrying a critical vulnerability which might make it easy for hackers to exploit remote code ********** (RCE) attacks. According to a cybersecurity firm, some of the chips have this vulnerability which majorly impacts devices such as routers and smartphones. Notably, the vulnerability was reported in March, however, a proof-of-concept was published recently on GitHub highlighting that exploiting this was possible. The firm has rated it a critical zero-click vulnerability with a CVSS 3.0 score of 9.8.

In a

This is the hidden content, please
, the threat research team of SonicWall Capture Labs has detailed the new vulnerability. The flaw has been designated CVE-2024-20017 and is described as a critical zero-click vulnerability. Put simply, this type of security flaw allows attackers to exploit a system remotely, without any action or interaction required from the victim. This means the user does not need to follow any templates used in a traditional phishing *******.

The researchers gave the vulnerability a score of 9.8, highlighting its critical nature. The issue was spotted particularly in two MediaTek Wi-Fi chipsets, MT7622 and MT7915, as well as the RTxxxx series SoftAP driver bundles. These chipsets are typically used by manufacturers such as Xiaomi, Ubiquiti, and Netgear for smartphones and routers. As per the cybersecurity firm, the vulnerability affects MediaTek SDK versions 7.4.0.1 and earlier and OpenWrt versions 19.07 and 21.02.

Coming to the exploitation, this vulnerability opens the possibility for a remote code **********. As per the researchers, attackers can use a “table overwrite technique via a return-oriented programming (ROP) chain” to gather sensitive information from the device without the need for the user to do anything.

One reason why the vulnerability is being highlighted now instead of March when it was first discovered, is because a GitHub post has showcased a proof-of-concept of the vulnerability, explaining that carrying out an ******* using CVE-2024-20017 is possible.

Notably, the researchers reached out to MediaTek and the chip maker has released patches to fix the security flaw. Users have also been requested to update the firmware as soon as possible.



This is the hidden content, please

#MediaTek #Chipsets #ZeroClick #Vulnerability #Detected #Researchers #Affect #Routers #Smartphones

This is the hidden content, please

This is the hidden content, please

0

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Vote for the server

    To vote for this server you must login.

    Jim Carrey Flirting GIF

  • Recently Browsing   0 members

    • No registered users viewing this page.

Important Information

Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.

  I accept