MediaTek Wi-Fi Zero-Click RCE Vulnerability

Home/RCE Flaw, Security Advisory, Security Update, vulnerability, Zero Day Attack/MediaTek Wi-Fi Zero-Click RCE Vulnerability

MediaTek Wi-Fi Zero-Click RCE Vulnerability

A critical 0-click RCE vulnerability (CVE-2024-20017) in MediaTek Wi-Fi 6 chipsets, used by devices like Ubiquiti, Xiaomi, and Netgear, allows remote attacks without user interaction.

CVE-2024-20017

The vulnerability is located in the wappd network daemon, found in MediaTek’s MT7622/MT7915 SDK and RTxxxx SoftAP driver bundle, used for managing wireless interfaces and Hotspot 2.0 technologies.

According to CoffinSec, the flaw is a buffer overflow caused by copying attacker-controlled packet data without proper bounds checking, allowing up to 1433 bytes to overflow the stack.

Researchers developed four exploits for this bug, each targeting specific mitigations.

The first exploit uses a stack overflow to hijack the return instruction pointer (RIP) and redirect execution to a system() call, allowing shell commands.

The second exploit bypasses stack canaries and ASLR by corrupting a pointer, creating an arbitrary write. This overwrites the Global Offset Table (GOT) entry for read(), which then jumps to system() to execute a shell payload.

The third exploit, which targets a version with full RELRO, uses Return-Oriented Programming (ROP) to gain an arbitrary write ability. It chains gadgets to write a shell command into predictable, writable memory sections like .bss or .data. The exploit then executes the command by placing its address in the right register and calling system().

The fourth exploit, aimed at the Netgear WAX206 with ASLR, NX, full RELRO, and stack canaries, had to adapt its strategy due to arm64 semantics and inlined functions.

This exploit is less reliable compared to others because it requires the process to terminate and reach the corrupted return address. Despite this, it remains effective in certain conditions.

Significance of the Vulnerability

CVE-2024-20017 highlights the complexity of exploit development. Different techniques and approaches are required depending on the mitigations and conditions of the target environment.

Mitigation

Users of affected devices should update their firmware to the latest version to mitigate this vulnerability. The discovery underscores the challenges of securing embedded systems and the need for continuous vigilance.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

Post Views: 208
By | 2024-09-25T00:24:46+05:30 September 23rd, 2024|RCE Flaw, Security Advisory, Security Update, vulnerability, Zero Day Attack|

About the Author:

FirstHackersNews- Identifies Security

Related Posts

Leave A Comment

Subscribe to our newsletter to receive security tips everday!