Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover

A nearly max-critical zero-click vulnerability is impacting MediaTek Wi-Fi chipsets and driver bundles used in routers and smartphones from various manufacturers, including Ubiquiti, Xiaomi, and Netgear.

According to SonicWall Capture Labs researchers who discovered the issue (CVE-2024-20017, CVSS 9.8), exploitation would open the door to remote code execution (RCE) without user interaction, making the bug a conduit for easy device takeover. Making matters worse, a public proof-of-concept exploit (PoC) recently became available, they warned.

The issue affects MediaTek SDK versions 7.4.0.1 and earlier, as well as OpenWrt 19.07 and 21.02, and affected users should apply the available MediaTek patches as soon as possible.

In terms of the technical details, the vulnerability is an out-of-bounds write issue that resides in wappd, a network daemon responsible for configuring and managing wireless interfaces and access points.

“The architecture of wappd is complex, comprising the network service itself, a set of local services that interact with the device’s wireless interfaces, and communication channels between components via Unix domain sockets,” the researchers explained in a blog post on the issue this week. “Ultimately, the vulnerability is a buffer overflow as a result of a length value taken directly from attacker-controlled packet data without bounds checking and placed into a memory copy.”
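The bug class the researchers describe, shown as an added example that is not MediaTek's or wappd's code: a packet-supplied length used as a copy size, next to a form that validates it first. The message layout (type, 2-byte big-endian length, payload), the 64-byte field size, and all function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical message layout (not wappd's): type(1) | len(2, big-endian) | payload */
#define HDR_LEN   3
#define FIELD_MAX 64

struct field { uint8_t type; uint16_t len; uint8_t data[FIELD_MAX]; };

enum parse_rc { PARSE_OK = 0, ERR_SHORT_HDR = -1, ERR_TRUNCATED = -2, ERR_TOO_BIG = -3 };

/* Unchecked pattern, shown for contrast only: the copy size comes straight
 * from the packet, so a declared length above FIELD_MAX writes past out->data. */
int parse_unchecked(const uint8_t *pkt, size_t pkt_len, struct field *out)
{
    (void)pkt_len;                                  /* never consulted */
    out->type = pkt[0];
    out->len  = (uint16_t)((pkt[1] << 8) | pkt[2]);
    memcpy(out->data, pkt + HDR_LEN, out->len);     /* out-of-bounds write */
    return PARSE_OK;
}

/* Checked form: the declared length is validated against both the bytes
 * actually received and the destination capacity before any copy. */
int parse_checked(const uint8_t *pkt, size_t pkt_len, struct field *out)
{
    if (pkt == NULL || out == NULL || pkt_len < HDR_LEN)
        return ERR_SHORT_HDR;

    uint16_t declared = (uint16_t)((pkt[1] << 8) | pkt[2]);

    if (declared > pkt_len - HDR_LEN)               /* would read past the packet */
        return ERR_TRUNCATED;
    if (declared > sizeof out->data)                /* would write past the buffer */
        return ERR_TOO_BIG;

    out->type = pkt[0];
    out->len  = declared;
    memcpy(out->data, pkt + HDR_LEN, declared);
    return PARSE_OK;
}
```

Both checks are needed: the first stops reads beyond the received datagram, the second stops writes beyond the destination field.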

