Details of VAR-202501-0476

ID

VAR-202501-0476

CVE

CVE-2024-20149

TITLE

media tech's LR12 Vulnerabilities related to improper validation of quantities specified in inputs in multiple products, such as

Trust: 0.8

sources: JVNDB: JVNDB-2025-024588

DESCRIPTION

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01231341 / MOLY01263331 / MOLY01233835; Issue ID: MSV-2165. Patch ID teeth MOLY01231341 , MOLY01263331 , MOLY01233835 And the problem ID teeth MSV-2165 is.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2024-20149 // JVNDB: JVNDB-2025-024588

AFFECTED PRODUCTS

vendor:	mediatek	model:	nr17.r2	scope:	eq	version:	*	Trust: 1.0
vendor:	mediatek	model:	lr12	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	lr13	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr16	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr15	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr17.r1	scope:	eq	version:	-	Trust: 1.0
vendor:	メディアテック	model:	nr16	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	lr13	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr17.r1	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr17.r2	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr15	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	lr12	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-024588 // NVD: CVE-2024-20149

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-20149
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-024588
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2024-20149
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-024588
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-024588 // NVD: CVE-2024-20149

PROBLEMTYPE DATA

problemtype:	CWE-1284	Trust: 1.0
problemtype:	Improper validation of quantity specified in input (CWE-1284) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-024588 // NVD: CVE-2024-20149

PATCH

title:

January 2025

url:

https://corp.mediatek.com/product-security-bulletin/January-2025

Trust: 0.8

sources: JVNDB: JVNDB-2025-024588

EXTERNAL IDS

db:	NVD	id:	CVE-2024-20149	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-024588	Trust: 0.8

sources: JVNDB: JVNDB-2025-024588 // NVD: CVE-2024-20149

REFERENCES

url:	https://corp.mediatek.com/product-security-bulletin/january-2025	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-20149	Trust: 0.8

sources: JVNDB: JVNDB-2025-024588 // NVD: CVE-2024-20149

SOURCES

db:	JVNDB	id:	JVNDB-2025-024588
db:	NVD	id:	CVE-2024-20149

LAST UPDATE DATE

2026-01-14T23:48:42.914000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-024588	date:	2026-01-14T07:36:00
db:	NVD	id:	CVE-2024-20149	date:	2026-01-12T16:23:30.287

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-024588	date:	2026-01-14T00:00:00
db:	NVD	id:	CVE-2024-20149	date:	2025-01-06T04:15:07.193