Details of VAR-202406-2276

ID

VAR-202406-2276

CVE

CVE-2024-20067

TITLE

media tech's nr16 and NR17 Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-022914

DESCRIPTION

In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issue ID: MSV-1462. media tech's nr16 and NR17 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-20067 // JVNDB: JVNDB-2024-022914

AFFECTED PRODUCTS

vendor:	mediatek	model:	nr16	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr17	scope:	eq	version:	-	Trust: 1.0
vendor:	メディアテック	model:	nr17	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr16	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-022914 // NVD: CVE-2024-20067

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-20067
value:	CRITICAL
Trust: 1.0
OTHER:	JVNDB-2024-022914
value:	CRITICAL
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-20067
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-022914
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-022914 // NVD: CVE-2024-20067

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-022914 // NVD: CVE-2024-20067

EXTERNAL IDS

db:	NVD	id:	CVE-2024-20067	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-022914	Trust: 0.8

sources: JVNDB: JVNDB-2024-022914 // NVD: CVE-2024-20067

REFERENCES

url:	https://corp.mediatek.com/product-security-bulletin/june-2024	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-20067	Trust: 0.8

sources: JVNDB: JVNDB-2024-022914 // NVD: CVE-2024-20067

SOURCES

db:	JVNDB	id:	JVNDB-2024-022914
db:	NVD	id:	CVE-2024-20067

LAST UPDATE DATE

2025-04-30T23:01:49.910000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-022914	date:	2025-04-28T08:32:00
db:	NVD	id:	CVE-2024-20067	date:	2025-04-25T18:39:01.213

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-022914	date:	2025-04-28T00:00:00
db:	NVD	id:	CVE-2024-20067	date:	2024-06-03T02:15:08.770