Details of VAR-202406-1535

ID

VAR-202406-1535

CVE

CVE-2024-20066

TITLE

media tech's nr16 and NR17 Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-017958

DESCRIPTION

In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01267281; Issue ID: MSV-1477. media tech's nr16 and NR17 Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-20066 // JVNDB: JVNDB-2024-017958

AFFECTED PRODUCTS

vendor:	mediatek	model:	nr17	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr16	scope:	eq	version:	-	Trust: 1.0
vendor:	メディアテック	model:	nr17	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr16	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-017958 // NVD: CVE-2024-20066

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-20066
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-20066
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-20066
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2024-20066
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2024-20066
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-017958 // NVD: CVE-2024-20066 // NVD: CVE-2024-20066

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-017958 // NVD: CVE-2024-20066

EXTERNAL IDS

db:	NVD	id:	CVE-2024-20066	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-017958	Trust: 0.8

sources: JVNDB: JVNDB-2024-017958 // NVD: CVE-2024-20066

REFERENCES

url:	https://corp.mediatek.com/product-security-bulletin/june-2024	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-20066	Trust: 0.8

sources: JVNDB: JVNDB-2024-017958 // NVD: CVE-2024-20066

SOURCES

db:	JVNDB	id:	JVNDB-2024-017958
db:	NVD	id:	CVE-2024-20066

LAST UPDATE DATE

2025-03-28T02:46:30.497000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-017958	date:	2025-02-04T08:23:00
db:	NVD	id:	CVE-2024-20066	date:	2025-03-27T16:15:21.380

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-017958	date:	2025-02-04T00:00:00
db:	NVD	id:	CVE-2024-20066	date:	2024-06-03T02:15:08.630