CVE-2024-20153

HIGH EPSS 23.5%

Published Jan 6, 20251y ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Jan 6, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08990446 / ALPS09057442; Issue ID: MSV-1598.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

23.5% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-304

Affected Products 28

Vendor	Product	Version	Range
linuxfoundation	yocto	3.3	any
linuxfoundation	yocto	4.0	any
linuxfoundation	yocto	5.0	any
mediatek	software_development_kit	*	≤3.5
google	android	14.0	any
google	android	15.0	any
mediatek	mt2737	*	any
mediatek	mt6989	*	any
mediatek	mt6991	*	any
mediatek	mt7925	*	any
mediatek	mt8365	*	any
mediatek	mt8518s	*	any
mediatek	mt8532	*	any
mediatek	mt8666	*	any
mediatek	mt8667	*	any
mediatek	mt8673	*	any
mediatek	mt8676	*	any
mediatek	mt8678	*	any
mediatek	mt8755	*	any
mediatek	mt8766	*	any
mediatek	mt8768	*	any
mediatek	mt8775	*	any
mediatek	mt8781	*	any
mediatek	mt8786	*	any
mediatek	mt8788	*	any
mediatek	mt8796	*	any
mediatek	mt8798	*	any
mediatek	mt8893	*	any

References 1

corp.mediatek.com https://corp.mediatek.com/product-security-bulletin/January-2025

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.