CVE-2024-20003

7.5 HIGH

📋 TL;DR

This vulnerability in MediaTek modem firmware allows remote denial of service through improper input validation. Attackers can send specially crafted NR RRC Connection Setup messages to crash the system without authentication or user interaction. This affects devices using MediaTek NL1 modem chipsets.

💻 Affected Systems

Products:
  • MediaTek NL1 modem chipsets
Versions: Specific firmware versions not publicly detailed in advisory
Operating Systems: Android and other OS using MediaTek modems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with vulnerable MediaTek modem firmware; exact device models not specified in advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete modem/system crash causing loss of cellular connectivity, potentially requiring device reboot or factory reset.

🟠 Likely Case: Temporary denial of cellular service until modem/system reboots automatically.

🟢 If Mitigated: No impact if patched; limited impact if network filtering blocks malicious messages.

🌐 Internet-Facing: HIGH - Exploitable remotely via cellular network without authentication.
🏢 Internal Only: LOW - Requires cellular network access, which is not a typical internal network path.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - No authentication or user interaction required.

Exploitation requires sending malformed NR RRC messages via cellular network.

🛠️ Fix & Mitigation

✅ Official Fix

Patch ID: MOLY01191612

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/February-2024

Restart Required: Yes

Instructions:

1. Contact device manufacturer for firmware updates.
2. Apply MediaTek-provided modem firmware patch MOLY01191612.
3. Reboot device after update.

🔧 Temporary Workarounds

Network filtering (all): Filter malicious NR RRC Connection Setup messages at network level

🧯 If You Can't Patch

  • Monitor for modem/system crashes and implement rapid response procedures
  • If the affected devices support critical infrastructure, consider replacing them with patched versions

🔍 How to Verify

Check if Vulnerable:

Check device modem firmware version against MediaTek advisory; contact manufacturer for specific vulnerability status.

Check Version:

Device-specific commands vary; typically via Android debug bridge or manufacturer diagnostic tools.

Verify Fix Applied:

Verify patch MOLY01191612 is applied in modem firmware version; test with valid NR RRC messages.

📡 Detection & Monitoring

Log Indicators:

  • Modem crash logs
  • Unexpected modem resets
  • NR RRC protocol errors

Network Indicators:

  • Unusual NR RRC Connection Setup messages
  • Spike in connection failures

SIEM Query:

Search for modem crash events or NR RRC protocol anomalies in device/system logs
