ID

VAR-202501-0596


CVE

CVE-2024-20154


TITLE

Multiple vulnerabilities in multiple MediaTek products, including LR12A

Trust: 0.8

sources: JVNDB: JVNDB-2025-024586

DESCRIPTION

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392. All information handled by the software may be leaked to the outside. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2024-20154 // JVNDB: JVNDB-2025-024586

AFFECTED PRODUCTS

vendor:mediatek model:nr16.r1.mp1mp2.mp scope:eq version: -

Trust: 1.0

vendor:mediatek model:nr16.r2.mp scope:eq version: -

Trust: 1.0

vendor:mediatek model:nr16.r1.mp scope:eq version: -

Trust: 1.0

vendor:mediatek model:lr13 scope:eq version: -

Trust: 1.0

vendor:mediatek model:lr12a scope:eq version: -

Trust: 1.0

vendor:MediaTek model:nr16.r2.mp scope: - version: -

Trust: 0.8

vendor:MediaTek model:lr13 scope: - version: -

Trust: 0.8

vendor:MediaTek model:lr12a scope: - version: -

Trust: 0.8

vendor:MediaTek model:nr16.r1.mp1mp2.mp scope: - version: -

Trust: 0.8

vendor:MediaTek model:nr16.r1.mp scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-024586 // NVD: CVE-2024-20154

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-20154
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-024586
value: HIGH

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-20154
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-024586
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-024586 // NVD: CVE-2024-20154

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [others]

Trust: 0.8

problemtype:Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2025-024586 // NVD: CVE-2024-20154

PATCH

title:January 2025 url:https://corp.mediatek.com/product-security-bulletin/January-2025

Trust: 0.8

sources: JVNDB: JVNDB-2025-024586

EXTERNAL IDS

db:NVD id:CVE-2024-20154

Trust: 2.6

db:JVNDB id:JVNDB-2025-024586

Trust: 0.8

sources: JVNDB: JVNDB-2025-024586 // NVD: CVE-2024-20154

REFERENCES

url:https://corp.mediatek.com/product-security-bulletin/january-2025

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-20154

Trust: 0.8

sources: JVNDB: JVNDB-2025-024586 // NVD: CVE-2024-20154

SOURCES

db:JVNDB id:JVNDB-2025-024586
db:NVD id:CVE-2024-20154

LAST UPDATE DATE

2026-01-14T23:47:12.638000+00:00


SOURCES UPDATE DATE

db:JVNDB id:JVNDB-2025-024586 date:2026-01-14T07:36:00
db:NVD id:CVE-2024-20154 date:2026-01-12T16:19:37.497

SOURCES RELEASE DATE

db:JVNDB id:JVNDB-2025-024586 date:2026-01-14T00:00:00
db:NVD id:CVE-2024-20154 date:2025-01-06T04:15:07.770