CVE-2024-20146 is an out-of-bounds write vulnerability classified under CWE-787 found in the WLAN STA driver of multiple MediaTek chipsets, including MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6990, MT7902, MT7920, MT7922, MT8365, MT8518S, MT8532, MT8666, MT8667, MT8673, MT8755, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8796, MT8798, and MT8893. This vulnerability stems from improper input validation in the wireless driver, which allows an attacker within wireless range (proximal or adjacent) to perform a remote code execution attack without needing any privileges or user interaction. The vulnerability affects devices running Android versions 13.0 through 15.0, SDK release 2.5 and earlier, as well as embedded Linux distributions such as openWRT 23.05 and Yocto versions 3.3, 4.0, and 5.0. The CVSS v3.1 score is 8.1, indicating high severity, with an attack vector of adjacent network, low attack complexity, no privileges required, no user interaction, and impacts on integrity and availability. The flaw could allow attackers to overwrite memory out of bounds, potentially leading to arbitrary code execution or system crashes. While no exploits are currently known in the wild, the vulnerability poses a significant risk due to its ease of exploitation and broad device impact. Patches have been identified (WCNCR00389496 / ALPS09137491) but are not linked here. This vulnerability is particularly critical for devices relying on MediaTek chipsets for wireless connectivity, including smartphones, IoT devices, and embedded systems.

The impact of CVE-2024-20146 is substantial for organizations worldwide that deploy devices using affected MediaTek chipsets. Successful exploitation can lead to remote code execution without authentication or user interaction, enabling attackers to take control of devices, disrupt services, or pivot within networks. This compromises the integrity and availability of affected systems, potentially causing device malfunctions, data corruption, or persistent malware infections. Enterprises relying on Android devices with these chipsets or embedded systems running openWRT or Yocto are at risk of operational disruption and data breaches. The proximity-based attack vector means that attackers need to be within wireless range, which could be exploited in public spaces, corporate offices, or industrial environments. The broad range of affected chipsets and software versions increases the attack surface, making it a critical concern for mobile operators, IoT deployments, and critical infrastructure sectors that use MediaTek-powered devices.

1. Apply official patches from MediaTek and device manufacturers immediately once available to remediate the vulnerability. 2. Update affected devices to the latest Android versions or embedded Linux distributions that include the fix. 3. Implement network segmentation and wireless access controls to limit exposure to untrusted wireless networks and reduce the attack surface. 4. Employ wireless intrusion detection/prevention systems (WIDS/WIPS) to monitor and block suspicious wireless activity near critical assets. 5. Disable or restrict WLAN interfaces on devices where wireless connectivity is not essential. 6. For IoT and embedded devices, enforce strict firmware update policies and verify vendor updates promptly. 7. Educate security teams to monitor for unusual device behavior or crashes that could indicate exploitation attempts. 8. Collaborate with vendors to obtain timely security advisories and patches for affected products. 9. Conduct penetration testing and vulnerability assessments focusing on wireless attack vectors in environments with MediaTek devices. 10. Consider deploying endpoint detection and response (EDR) solutions capable of detecting anomalous code execution on affected devices.