CVE-2024-20154
📋 TL;DR
This vulnerability allows remote code execution on affected mobile devices when they connect to a malicious rogue base station. Attackers can exploit an out-of-bounds write in the modem firmware to execute arbitrary code without user interaction. All devices using the affected MediaTek modem chipsets are potentially vulnerable.
💻 Affected Systems
- MediaTek modem chipsets
📦 What is this software?
Lr12a by MediaTek
Lr13 by MediaTek
Nr16.r1.mp by MediaTek
Nr16.r2.mp by MediaTek
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise allowing attackers to install persistent malware, steal sensitive data, intercept communications, or use the device as part of a botnet.
Likely Case
Targeted attacks against specific individuals or organizations using rogue base stations in proximity to victims, potentially leading to data theft or surveillance.
If Mitigated
Limited impact if devices are patched and not in proximity to rogue base stations, though theoretical risk remains from sophisticated attackers.
🎯 Exploit Status
Exploitation requires an attacker to operate a rogue base station with knowledge of the vulnerability; no user interaction is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware patch MOLY00720348
Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/January-2025
Restart Required: Yes
Instructions:
1. Check with device manufacturer for firmware updates.
2. Apply the MOLY00720348 patch through official firmware update channels.
3. Reboot device after update.
🔧 Temporary Workarounds
Disable automatic network selection
Android: Manually select trusted mobile networks instead of allowing automatic connection to any available network
Use Wi-Fi calling when available
All platforms: Reduce reliance on cellular networks when in untrusted locations
🧯 If You Can't Patch
- Avoid connecting to unknown or untrusted cellular networks
- Use devices only in trusted geographic areas with known legitimate cell towers
🔍 How to Verify
Check if Vulnerable:
Check device modem firmware version against MediaTek security bulletin; contact device manufacturer for specific vulnerability status
Check Version:
Device-specific commands vary by manufacturer; typically in Settings > About Phone > Baseband Version
Verify Fix Applied:
Verify that the modem firmware has been updated to a version containing the MOLY00720348 patch
📡 Detection & Monitoring
Log Indicators:
- Unexpected base station connections
- Modem firmware crash logs
- Unusual network handoff patterns
Network Indicators:
- Connections to base stations with unusual identifiers or signal characteristics
- Abnormal cellular network behavior
SIEM Query:
Not typically applicable for mobile device modem vulnerabilities