Skip to main content
A Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. Six years running.Find Out Why
CVE Vulnerability Database
Vulnerability Database/CVE-2024-20137

CVE-2024-20137: WLAN Driver Denial of Service Vulnerability

CVE-2024-20137 is a denial of service flaw in WLAN driver that enables remote attackers to disconnect clients without privileges. This article covers the technical details, affected systems, and mitigation strategies.

Published:

CVE-2024-20137 Overview

CVE-2024-20137 is a denial of service vulnerability in the MediaTek WLAN driver. The flaw stems from improper handling of exceptional conditions, which can trigger a client disconnection. A remote attacker can exploit the issue over the network without authentication or user interaction. MediaTek addressed the issue under Patch ID WCNCR00384543 and Issue ID MSV-1727, published in the MediaTek Security Bulletin for December 2024.

Critical Impact

Remote, unauthenticated attackers can disconnect wireless clients and disrupt connectivity on affected MediaTek WLAN-equipped devices.

Affected Products

  • MediaTek devices running the affected WLAN driver as listed in the MediaTek Security Bulletin December 2024
  • Specific chipset and model coverage detailed in the vendor advisory
  • Patch ID WCNCR00384543 applies to impacted firmware images

Discovery Timeline

  • 2024-12-02 - CVE-2024-20137 published to NVD
  • 2024-12 - MediaTek releases security patch via the December 2024 Security Bulletin
  • 2026-04-15 - Last updated in NVD database

Technical Details for CVE-2024-20137

Vulnerability Analysis

The vulnerability resides in the MediaTek WLAN driver and is classified under [CWE-248] Uncaught Exception. The driver fails to properly handle exceptional conditions encountered during wireless frame processing. When the unhandled condition occurs, the driver path forces an associated client to disconnect from the wireless network.

The issue requires no privileges and no user interaction. An attacker within radio range or able to inject crafted frames into the wireless medium can trigger the condition repeatedly, producing a sustained denial of service against connected clients. The EPSS score of 10.066% places the issue in the 93rd percentile for likelihood of exploitation activity.

Root Cause

The root cause is missing or insufficient exception handling in the WLAN driver code path that processes specific wireless management or control inputs. When the unexpected condition arises, the driver does not recover gracefully and instead terminates the client association. The MediaTek fix is tracked under Patch ID WCNCR00384543 and Issue ID MSV-1727.

Attack Vector

The attack vector is network based with low complexity. An adversary transmits crafted wireless traffic that places the driver into the unhandled exceptional state. No authentication to the access point or station is required, and the victim does not need to take any action. The result is loss of wireless availability for affected clients until the driver state recovers or the device reconnects.

No public proof of concept and no exploit code are referenced in the advisory. Technical specifics are restricted to the vendor bulletin. See the MediaTek Security Bulletin December 2024 for additional detail.

Detection Methods for CVE-2024-20137

Indicators of Compromise

  • Unexpected and repeated client deauthentication or disassociation events on MediaTek-based wireless interfaces
  • WLAN driver error or exception entries in kernel logs coinciding with client disconnections
  • Bursts of malformed or anomalous 802.11 management frames observed on monitored channels

Detection Strategies

  • Monitor wireless infrastructure telemetry for abnormal rates of client disconnects affecting MediaTek devices
  • Correlate driver-level kernel log entries with wireless frame captures to identify trigger patterns
  • Deploy wireless intrusion detection sensors capable of flagging malformed 802.11 frames targeting WLAN drivers

Monitoring Recommendations

  • Centralize syslog and kernel log collection from access points and client devices for trend analysis
  • Alert on sustained client churn on a single radio or BSSID that exceeds baseline thresholds
  • Track firmware and driver versions across the fleet to identify unpatched MediaTek WLAN components

How to Mitigate CVE-2024-20137

Immediate Actions Required

  • Identify devices using MediaTek WLAN chipsets and verify driver and firmware versions against the December 2024 bulletin
  • Apply vendor-supplied firmware updates that include Patch ID WCNCR00384543 as soon as they are available from the device OEM
  • Prioritize patching for devices operating in high-availability or safety-relevant wireless environments

Patch Information

MediaTek published the fix in the MediaTek Security Bulletin December 2024 under Patch ID WCNCR00384543 and Issue ID MSV-1727. Device OEMs must integrate the patched driver into their firmware images and distribute updates through their normal channels.

Workarounds

  • Restrict wireless coverage areas to reduce attacker proximity where feasible
  • Use wired connectivity for systems where wireless availability is operationally critical until patches are deployed
  • Enable wireless intrusion prevention features on managed infrastructure to drop malformed frames
bash
# Verify installed driver/firmware version on Linux clients
modinfo <mediatek_wlan_module> | grep -E "version|firmware"
dmesg | grep -iE "mt76|mtk|wlan"

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.

Try SentinelOne