CVE-2024-20102

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Oct 7, 2024
Updated: Oct 10, 2024
CWE ID 125

Summary

CVE-2024-20102 identifies a vulnerability in the wlan driver, which allows for a potential out-of-bounds read due to inadequate input validation, possibly leading to remote information disclosure. Affected products include specific models identified as 'tvHyN5', 'sYyJEm', and 'nn8kgA.' Exploiting this vulnerability requires high privileges but does not necessitate user interaction, posing a medium-level risk with a base score of 4.9 according to the CVSS 3.1 system. Organizations can mitigate this risk by applying the patch ID ALPS08998892. Failure to address this issue could lead to significant confidentiality breaches within affected systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share