Details of VAR-202406-2694

ID

VAR-202406-2694

CVE

CVE-2024-20068

TITLE

media tech's nr16 and NR17 Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-022912

DESCRIPTION

In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01270721; Issue ID: MSV-1479. media tech's nr16 and NR17 Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-20068 // JVNDB: JVNDB-2024-022912

AFFECTED PRODUCTS

vendor:	mediatek	model:	nr16	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr17	scope:	eq	version:	-	Trust: 1.0
vendor:	メディアテック	model:	nr17	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr16	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-022912 // NVD: CVE-2024-20068

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-20068
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2024-022912
value:	MEDIUM
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-20068
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-022912
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-022912 // NVD: CVE-2024-20068

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-022912 // NVD: CVE-2024-20068

EXTERNAL IDS

db:	NVD	id:	CVE-2024-20068	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-022912	Trust: 0.8

sources: JVNDB: JVNDB-2024-022912 // NVD: CVE-2024-20068

REFERENCES

url:	https://corp.mediatek.com/product-security-bulletin/june-2024	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-20068	Trust: 0.8

sources: JVNDB: JVNDB-2024-022912 // NVD: CVE-2024-20068

SOURCES

db:	JVNDB	id:	JVNDB-2024-022912
db:	NVD	id:	CVE-2024-20068

LAST UPDATE DATE

2025-04-30T02:57:16.822000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-022912	date:	2025-04-28T01:13:00
db:	NVD	id:	CVE-2024-20068	date:	2025-04-25T18:38:30.833

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-022912	date:	2025-04-28T00:00:00
db:	NVD	id:	CVE-2024-20068	date:	2024-06-03T02:15:08.873