MediaTek Chipsets Zero-Click Vulnerability Detected by Researchers, Can Affect Routers and Smartphones

The critical zero-click vulnerability in MediaTek chipsets has been designated the label CVE-2024-20017.

Advertisement
Written by Akash Dutta, Edited by Siddharth Suvarna | Updated: 23 September 2024 16:41 IST
Highlights
  • The vulnerability was discovered by SonicWall Capture Labs
  • The reported vulnerability might exist in some Xiaomi smartphones
  • The vulnerability in the MediaTek chip allows for RCE hacks

MediaTek has released a firmware update patching the vulnerability

Photo Credit: MediaTek

MediaTek chipsets are reportedly carrying a critical vulnerability which might make it easy for hackers to exploit remote code execution (RCE) attacks. According to a cybersecurity firm, some of the chips have this vulnerability which majorly impacts devices such as routers and smartphones. Notably, the vulnerability was reported in March, however, a proof-of-concept was published recently on GitHub highlighting that exploiting this was possible. The firm has rated it a critical zero-click vulnerability with a CVSS 3.0 score of 9.8.

MediaTek Chipsets Said to Be Carrying Major Vulnerability

In a blog post, the threat research team of SonicWall Capture Labs has detailed the new vulnerability. The flaw has been designated CVE-2024-20017 and is described as a critical zero-click vulnerability. Put simply, this type of security flaw allows attackers to exploit a system remotely, without any action or interaction required from the victim. This means the user does not need to follow any templates used in a traditional phishing attack.

Advertisement

The researchers gave the vulnerability a score of 9.8, highlighting its critical nature. The issue was spotted particularly in two MediaTek Wi-Fi chipsets, MT7622 and MT7915, as well as the RTxxxx series SoftAP driver bundles. These chipsets are typically used by manufacturers such as Xiaomi, Ubiquiti, and Netgear for smartphones and routers. As per the cybersecurity firm, the vulnerability affects MediaTek SDK versions 7.4.0.1 and earlier and OpenWrt versions 19.07 and 21.02.

Coming to the exploitation, this vulnerability opens the possibility for a remote code execution. As per the researchers, attackers can use a “table overwrite technique via a return-oriented programming (ROP) chain” to gather sensitive information from the device without the need for the user to do anything.

One reason why the vulnerability is being highlighted now instead of March when it was first discovered, is because a GitHub post has showcased a proof-of-concept of the vulnerability, explaining that carrying out an attack using CVE-2024-20017 is possible.

Notably, the researchers reached out to MediaTek and the chip maker has released patches to fix the security flaw. Users have also been requested to update the firmware as soon as possible.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Best Mobiles Under Rs. 30,000 in India
  2. Nokia 235 4G (2026), 215 4G (2026) Launched; Nokia 210 4G, 200 4G Tag Along
  3. Best 5G Phones Under Rs. 15,000 With Long Battery Life in India
  1. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  2. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  3. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  4. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  5. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  6. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  7. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  8. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
  9. Sony Reportedly Restructures Disc Factory After Announcing End of Physical Game Discs on PlayStation
  10. Maharashtra Legislature Passes Amendment to Bring Virtual Digital Assets Under Depositor Protection Law
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.