In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796.
The bug results from improper input data validation in WLAN station firmware (CWE-787 — out-of-bounds write). An attacker located near the victim (within wireless network range) can deliver specially crafted data that causes a write outside buffer boundaries. The exploit requires no privileges or user action.
An attacker can gain full remote code execution (RCE) on the victim's device without needing any privileges. This results in potential takeover of the system, breach of confidentiality, integrity, and availability of data.
Security patches available from the manufacturer should be applied according to references — MediaTek security bulletin from January 2025 (https://corp.mediatek.com/product-security-bulletin/January-2025). Patch ID: WCNCR00389045 / ALPS09136494.
Devices with MediaTek chipsets equipped with vulnerable WLAN STA FW software: Linux Foundation Yocto, MediaTek Software Development Kit (SDK), and Google Android — specific versions indicated in the manufacturer's security bulletin from January 2025 (Patch ID: WCNCR00389045 / ALPS09136494, Issue ID: MSV-1796)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGoogle Android
OSGoogle13.014.015.0Linuxfoundation Yocto
APPLinuxfoundation3.34.05.0Mediatek Mt3603
HWMediatekwszystkie wersjeMediatek Mt6835
HWMediatekwszystkie wersjeMediatek Mt6878
HWMediatekwszystkie wersjeMediatek Mt6886
HWMediatekwszystkie wersjeMediatek Mt6897
HWMediatekwszystkie wersjeMediatek Mt7902
HWMediatekwszystkie wersjeMediatek Mt7920
HWMediatekwszystkie wersjeMediatek Mt7922
HWMediatekwszystkie wersjeMediatek Mt8518s
HWMediatekwszystkie wersjeMediatek Mt8532
HWMediatekwszystkie wersjeMediatek Mt8766
HWMediatekwszystkie wersjeMediatek Mt8768
HWMediatekwszystkie wersjeMediatek Mt8775
HWMediatekwszystkie wersjeMediatek Mt8796
HWMediatekwszystkie wersjeMediatek Mt8798
HWMediatekwszystkie wersjeMediatek Software Development Kit
APPMediatek≤ 2.4
Related vulnerabilities
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who ha...
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application cr...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.4...
Insufficient validation of untrusted input in Text in Google Chrome on Android prior to 150.0.7871.47 allowed ...