CVE-2024-20148

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 6, 2025
CWE ID 787

Summary

CVE-2024-20148 is a newly disclosed vulnerability affecting the wlan STA Firmware. This issue involves an out-of-bounds write vulnerability, which arises due to inadequate input validation. The consequences of this flaw can result in remote code execution, requiring no additional privileges. Notably, user interaction is not necessary for an attacker to exploit this vulnerability. Patch ID WCNCR00389045 and ALPS09136494 have been released to address the issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share