MediaTek Chipsets Zero-Click Vulnerability Detected by Researchers, Can Affect Routers and Smartphones

The critical zero-click vulnerability in MediaTek chipsets has been designated the label CVE-2024-20017.

Advertisement
Written by Akash Dutta, Edited by Siddharth Suvarna | Updated: 23 September 2024 16:41 IST
Highlights
  • The vulnerability was discovered by SonicWall Capture Labs
  • The reported vulnerability might exist in some Xiaomi smartphones
  • The vulnerability in the MediaTek chip allows for RCE hacks

MediaTek has released a firmware update patching the vulnerability

Photo Credit: MediaTek

MediaTek chipsets are reportedly carrying a critical vulnerability which might make it easy for hackers to exploit remote code execution (RCE) attacks. According to a cybersecurity firm, some of the chips have this vulnerability which majorly impacts devices such as routers and smartphones. Notably, the vulnerability was reported in March, however, a proof-of-concept was published recently on GitHub highlighting that exploiting this was possible. The firm has rated it a critical zero-click vulnerability with a CVSS 3.0 score of 9.8.

MediaTek Chipsets Said to Be Carrying Major Vulnerability

In a blog post, the threat research team of SonicWall Capture Labs has detailed the new vulnerability. The flaw has been designated CVE-2024-20017 and is described as a critical zero-click vulnerability. Put simply, this type of security flaw allows attackers to exploit a system remotely, without any action or interaction required from the victim. This means the user does not need to follow any templates used in a traditional phishing attack.

The researchers gave the vulnerability a score of 9.8, highlighting its critical nature. The issue was spotted particularly in two MediaTek Wi-Fi chipsets, MT7622 and MT7915, as well as the RTxxxx series SoftAP driver bundles. These chipsets are typically used by manufacturers such as Xiaomi, Ubiquiti, and Netgear for smartphones and routers. As per the cybersecurity firm, the vulnerability affects MediaTek SDK versions 7.4.0.1 and earlier and OpenWrt versions 19.07 and 21.02.

Advertisement

Coming to the exploitation, this vulnerability opens the possibility for a remote code execution. As per the researchers, attackers can use a “table overwrite technique via a return-oriented programming (ROP) chain” to gather sensitive information from the device without the need for the user to do anything.

Advertisement

One reason why the vulnerability is being highlighted now instead of March when it was first discovered, is because a GitHub post has showcased a proof-of-concept of the vulnerability, explaining that carrying out an attack using CVE-2024-20017 is possible.

Notably, the researchers reached out to MediaTek and the chip maker has released patches to fix the security flaw. Users have also been requested to update the firmware as soon as possible.

 
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: MediaTek, Cybersecurity, Smartphones, Xiaomi
iPhone 15 Pro Max, iPhone 15 Pro to Cost Under Rs. 1 Lakh During Flipkart Big Billion Days Sale 2024
OnePlus Open to Be Priced Under Rs. 1 Lakh During Amazon Great Indian Festival 2024 Sale
Advertisement

Related Stories

Vivo X300 Pro Tops Xiaomi 17 Pro Max on AnTuTu's CPU Test; Dimensity 9500 Reportedly Cheaper Than Snapdragon 8 Elite Gen 5
14 October 2025
Google Said to Be Testing ‘More Efficient’ MediaTek Modem for Pixel 11 Series
4 October 2025
MediaTek Dimensity 9500 Launched; Will Debut on Oppo Find X9 Series, Vivo X300 Lineup
22 September 2025
MediaTek Dimensity 9500 Launch Date Announced; Company Designs Its First Chip Using TSMC’s 2nm Process
16 September 2025
Snapdragon 8 Elite 2, MediaTek Dimensity 9500 to Launch Without Notable Price Increase, Tipster Claims
21 July 2025
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. iQOO Neo 11 With Snapdragon 8 Elite SoC Launched: Price, Specifications
  2. Top OTT Releases of the Week: Kantara Chapter 1, Lokah Chapter 1, Idli Kadai, and More
  3. Gemini 3 AI Model Will Be Released Soon, Says Google CEO Sundar Pichai
  4. Reliance Offers Free 18-Month Google AI Pro with Gemini, Veo to Jio Users
  5. Realme GT 8 Pro Will Launch in India in November With This Chipset
  6. Vivo X300 Series With 200-Megapixel Zeiss Camera Launched Globally
  7. Samsung Galaxy S26 Series Teased to Launch With These Notable Upgrades
  8. Vivo X300 Series Launching Today: Everything You Need to Know
  9. Lava Agni 4 With Metal Design and Flat Edges Teased Ahead of Debut
#Latest Stories
  1. Scientists May Have Finally Solved the Sun’s Mysteriously Hot Atmosphere Puzzle
  2. Vivo X300 Series Launched Globally With 200-Megapixel Zeiss Camera, Up to 6.78-Inch Display: Price, Features
  3. Canva Introduces Revamped Video Editor, New AI Tools and a Marketing Platform
  4. Thode Door Thode Paas OTT Release Date: Know When and Where to Watch it Online
  5. Blackmail Now Streaming Online: Know Where to Watch This Tamil Crime Thriller Movie
  6. Eva Husson’s Playdate OTT Release Date: When and Where to Watch it Online?
  7. Raj Tarun's Chiranjeeva OTT Release Date: When and Where to Watch it Online?
  8. Bitchat Becomes Jamaica’s Go-to App as Hurricane Melissa Cripples Communication
  9. Google Maps Is Reportedly Developing a New Power Saving Mode for Navigation
  10. Take-Two CEO Says AI Won't Be 'Very Good' at Making a Game Like Grand Theft Auto
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.