[rwth-security] CVE-2024-20017 (CVSS 9.8): Zero-Click Exploit Discovered in Popular

5 Sep 2024


      Hallo zusammen,
sofern nicht selber schon gesehen/-lesen hier [0] FYI
"CVE-2024-20017 (CVSS 9.8): Zero-Click Exploit Discovered in Popular Wi-Fi Chipsets, PoC Published"
--> original Report [1]
--> "... rooted in the wappd network daemon, a critical component of the MediaTek MT7622/MT7915 SDK
         and RTxxxx SoftAP driver bundle. These chipsets are widely used in Wifi6 (802.11ax) devices,
         including popular models from Ubiquiti, Xiaomi, and Netgear. ..."
--> PoC [2]
VG
Bernd
[0]
https://securityonline.info/cve-2024-20017-cvss-9-8-zero-click-exploit-disco...
[1]
https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-di...
[2]
https://github.com/mellow-hype/cve-2024-20017
-- 

Bernd Kohler

IT Center
Abteilung: Netze
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler@itc.rwth-aachen.de
www.itc.rwth-aachen.de

Social Media Kanäle des IT Centers:
https://blog.rwth-aachen.de/itc/
https://www.facebook.com/itcenterrwth
https://www.linkedin.com/company/itcenterrwth
https://twitter.com/ITCenterRWTH
https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ

2024

2023

2022

2021

2020

2019

2018

[rwth-security] CVE-2024-20017 (CVSS 9.8): Zero-Click Exploit Discovered in Popular