{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20137", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2023-11-02T13:35:35.183Z", "datePublished": "2024-12-02T03:07:11.803Z", "dateUpdated": "2024-12-02T15:48:25.247Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2024-12-02T03:07:11.803Z"}, "descriptions": [{"lang": "en", "value": "In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MT6890, MT7622, MT7915, MT7916, MT7981, MT7986", "versions": [{"version": "SDK release 7.4.0.1 (MT7915) and 7.6.7.2 (MT7916, MT798X) and before", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/December-2024"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-248", "description": "CWE-248 Uncaught Exception"}]}]}, "adp": [{"affected": [{"vendor": "mediatek", "product": "mt6890", "cpes": ["cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt7622", "cpes": ["cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt7915", "cpes": ["cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt7916", "cpes": ["cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt7981", "cpes": ["cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "mediatek", "product": "mt7986", "cpes": ["cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-12-02T15:48:07.775098Z", "id": "CVE-2024-20137", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T15:48:25.247Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-20137", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-02T15:48:07.775098Z"}}}], "affected": [{"cpes": ["cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt6890", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt7622", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt7915", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt7916", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt7981", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*"], "vendor": "mediatek", "product": "mt7986", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T15:46:18.775Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MT6890, MT7622, MT7915, MT7916, MT7981, MT7986", "versions": [{"status": "affected", "version": "SDK release 7.4.0.1 (MT7915) and 7.6.7.2 (MT7916, MT798X) and before"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/December-2024"}], "descriptions": [{"lang": "en", "value": "In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-248", "description": "CWE-248 Uncaught Exception"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2024-12-02T03:07:11.803Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20137", "state": "PUBLISHED", "dateUpdated": "2024-12-02T15:48:25.247Z", "dateReserved": "2023-11-02T13:35:35.183Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2024-12-02T03:07:11.803Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727."}, {"lang": "es", "value": "En el controlador WLAN, existe una posible desconexi\u00f3n del cliente debido al manejo inadecuado de condiciones excepcionales. Esto podr\u00eda provocar una denegaci\u00f3n de servicio remota sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: WCNCR00384543; ID de problema: MSV-1727."}], "id": "CVE-2024-20137", "lastModified": "2024-12-02T16:15:08.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-12-02T04:15:06.030", "references": [{"source": "security@mediatek.com", "url": "https://corp.mediatek.com/product-security-bulletin/December-2024"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "security@mediatek.com", "type": "Secondary"}]}

{}

{}