Details of VAR-202412-0245

ID

VAR-202412-0245

CVE

CVE-2024-20131

TITLE

media tech's nr16 and NR17 Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-022693

DESCRIPTION

In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1873. media tech's nr16 and NR17 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-20131 // JVNDB: JVNDB-2024-022693

AFFECTED PRODUCTS

vendor:	mediatek	model:	nr16	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr17	scope:	eq	version:	-	Trust: 1.0
vendor:	メディアテック	model:	nr16	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr17	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-022693 // NVD: CVE-2024-20131

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-20131
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2024-022693
value:	MEDIUM
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-20131
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-022693
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-022693 // NVD: CVE-2024-20131

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-022693 // NVD: CVE-2024-20131

EXTERNAL IDS

db:	NVD	id:	CVE-2024-20131	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-022693	Trust: 0.8

sources: JVNDB: JVNDB-2024-022693 // NVD: CVE-2024-20131

REFERENCES

url:	https://corp.mediatek.com/product-security-bulletin/december-2024	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-20131	Trust: 0.8

sources: JVNDB: JVNDB-2024-022693 // NVD: CVE-2024-20131

SOURCES

db:	JVNDB	id:	JVNDB-2024-022693
db:	NVD	id:	CVE-2024-20131

LAST UPDATE DATE

2025-04-25T01:54:18.914000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-022693	date:	2025-04-23T04:49:00
db:	NVD	id:	CVE-2024-20131	date:	2025-04-22T13:56:27.550

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-022693	date:	2025-04-23T00:00:00
db:	NVD	id:	CVE-2024-20131	date:	2024-12-02T04:15:05.337