Details of VAR-202412-0282

ID

VAR-202412-0282

CVE

CVE-2024-20133

TITLE

media tech's nr16 Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-022677

DESCRIPTION

In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1871. media tech's nr16 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-20133 // JVNDB: JVNDB-2024-022677

AFFECTED PRODUCTS

vendor:	mediatek	model:	nr16	scope:	eq	version:	-	Trust: 1.0
vendor:	メディアテック	model:	nr16	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr16	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-022677 // NVD: CVE-2024-20133

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-20133
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2024-022677
value:	MEDIUM
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-20133
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-022677
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-022677 // NVD: CVE-2024-20133

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-022677 // NVD: CVE-2024-20133

EXTERNAL IDS

db:	NVD	id:	CVE-2024-20133	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-022677	Trust: 0.8

sources: JVNDB: JVNDB-2024-022677 // NVD: CVE-2024-20133

REFERENCES

url:	https://corp.mediatek.com/product-security-bulletin/december-2024	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-20133	Trust: 0.8

sources: JVNDB: JVNDB-2024-022677 // NVD: CVE-2024-20133

SOURCES

db:	JVNDB	id:	JVNDB-2024-022677
db:	NVD	id:	CVE-2024-20133

LAST UPDATE DATE

2025-04-25T01:41:11.933000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-022677	date:	2025-04-23T03:26:00
db:	NVD	id:	CVE-2024-20133	date:	2025-04-22T13:56:23.960

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-022677	date:	2025-04-23T00:00:00
db:	NVD	id:	CVE-2024-20133	date:	2024-12-02T04:15:05.567