CVE-2024-20146 – This vulnerability in MediaTek WLAN STA drivers... (How to Fix)

Q: What is the severity of CVE-2024-20146?

CVE-2024-20146 has a CVSS score of 8.1 (HIGH). This vulnerability in MediaTek WLAN STA drivers allows remote attackers within wireless range to execute arbitrary code without user interaction. It affects devices using MediaTek chipsets with vulnerable wireless drivers. Exploitation requires proximity to the target device but no authentication.

📋 TL;DR

This vulnerability in MediaTek WLAN STA drivers allows remote attackers within wireless range to execute arbitrary code without user interaction. It affects devices using MediaTek chipsets with vulnerable wireless drivers. Exploitation requires proximity to the target device but no authentication.

💻 Affected Systems

Products:

MediaTek WLAN STA driver

Versions: Specific versions not publicly detailed in advisory

Operating Systems: Android and other OS using MediaTek wireless chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with MediaTek wireless chipsets in STA (client) mode. Requires attacker to be within wireless range.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with remote code execution, potentially leading to data theft, device takeover, or lateral movement within networks.

🟠

Likely Case

Device compromise leading to data exfiltration, installation of malware, or use as pivot point in network attacks.

🟢

If Mitigated

Limited impact if network segmentation and wireless security controls prevent unauthorized access to vulnerable devices.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

No authentication required, but attacker must be within wireless proximity. No public exploit code available as of advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches identified as WCNCR00389496 / ALPS09137491

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/January-2025

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply MediaTek-provided patches WCNCR00389496/ALPS09137491. 3. Reboot device after patch installation.

🔧 Temporary Workarounds

Disable vulnerable wireless interfaces

Android/Linux

Temporarily disable WLAN interfaces to prevent exploitation until patches can be applied

adb shell svc wifi disable
nmcli radio wifi off

Implement network segmentation

all

Isolate vulnerable devices on separate network segments with strict access controls

🧯 If You Can't Patch

Segment vulnerable devices on isolated network segments
Implement strict wireless access controls and monitoring

🔍 How to Verify

Check if Vulnerable:

Check device specifications for MediaTek wireless chipset and firmware version against vendor advisory

Check Version:

adb shell getprop ro.build.fingerprint (for Android devices)

Verify Fix Applied:

Verify patch IDs WCNCR00389496 or ALPS09137491 are present in firmware/OS version information

📡 Detection & Monitoring

Log Indicators:

Unusual wireless connection attempts
Driver crash logs
Kernel panic messages related to wlan

Network Indicators:

Suspicious wireless probe requests
Unusual MAC addresses in proximity
Anomalous wireless traffic patterns

SIEM Query:

source="wireless_logs" AND (event="driver_error" OR event="kernel_panic") AND process="wlan*"

📊 Metadata

CVE ID: CVE-2024-20146

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE: CWE-787

EPSS Score: 0.05% exploit probability (15.3th percentile)

Published: January 6, 2025

Last Updated: April 22, 2025

🔗 References

https://corp.mediatek.com/product-security-bulletin/January-2025 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-20146, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Android by Google

Android by Google

Android by Google

Openwrt by Openwrt

Software Development Kit by Mediatek

Yocto by Linuxfoundation

Yocto by Linuxfoundation

Yocto by Linuxfoundation

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable vulnerable wireless interfaces

Implement network segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities