CVE-2024-20089

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in MediaTek Wi-Fi drivers allows remote attackers to cause denial of service without authentication or user interaction. It affects devices using MediaTek chipsets with vulnerable wlan firmware. The flaw stems from improper error handling that can be triggered remotely.

💻 Affected Systems

Products:

• MediaTek Wi-Fi chipsets and devices using them

Versions: Specific firmware versions not detailed in advisory

Operating Systems: Android, Linux-based systems with MediaTek Wi-Fi

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with MediaTek Wi-Fi hardware; exact models not specified in available information

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Rdk B by Rdkcentral

View all CVEs affecting Rdk B →

Yocto by Linuxfoundation

View all CVEs affecting Yocto →

Yocto by Linuxfoundation

View all CVEs affecting Yocto →

Yocto by Linuxfoundation

View all CVEs affecting Yocto →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent device bricking requiring hardware replacement, complete network disruption for affected devices

🟠

Likely Case

Temporary device crashes requiring reboot, intermittent Wi-Fi connectivity loss

🟢

If Mitigated

Limited impact with network segmentation and proper monitoring

🌐 Internet-Facing: HIGH - Remote exploitation without authentication possible

🏢 Internal Only: HIGH - Internal attackers can exploit without credentials

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

No authentication required, no user interaction needed, making exploitation straightforward

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware with patch ID ALPS08861558

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/September-2024

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates 2. Apply MediaTek-provided patch ALPS08861558 3. Reboot device after update

🔧 Temporary Workarounds

Disable Wi-Fi

all

Turn off Wi-Fi functionality to prevent exploitation

Network segmentation

all

Isolate affected devices on separate network segments

🧯 If You Can't Patch

• Implement strict network access controls to limit exposure
• Monitor for Wi-Fi disconnection events and device crashes

🔍 How to Verify

Check if Vulnerable:

Copy

Check device firmware version against MediaTek security bulletin

Check Version:

Copy

Device-specific commands vary by manufacturer; check system settings or use manufacturer tools

Verify Fix Applied:

Copy

Verify patch ID ALPS08861558 is present in firmware

📡 Detection & Monitoring

Log Indicators:

• Unexpected Wi-Fi driver crashes
• Multiple device reboots
• WLAN service failures

Network Indicators:

• Sudden Wi-Fi disconnections across multiple devices
• Unusual broadcast/multicast traffic patterns

SIEM Query:

Copy

source="wlan" AND (event="crash" OR event="error" OR event="failure")

📊 Metadata

CVE ID: CVE-2024-20089

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-703

Published: September 2, 2024

Last Updated: September 5, 2024

🔗 References

• https://corp.mediatek.com/product-security-bulletin/September-2024 Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-20089, you might also want to check these:

CVE-2025-13021 9.8

A critical vulnerability in Firefox and Thunderbird's WebGPU component allows memory corruption due ...

Same vulnerability type (CWE-703)

CVE-2025-13022 9.8

A critical vulnerability in Firefox and Thunderbird's WebGPU component allows memory corruption due ...

Same vulnerability type (CWE-703)

CVE-2025-13023 9.8

A sandbox escape vulnerability in Firefox and Thunderbird's WebGPU component allows attackers to exe...

Same vulnerability type (CWE-703)