CVE-2024-20001


In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601.


Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.7. Exploitation requires local system access, has relatively low complexity, and does not require user interaction. The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. It affects 59 products, including ones from google and mediatek; organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2024, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.


Published

2024-02-05T06:15:47.027

Last Modified

2025-05-15T20:15:41.387

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.7 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-787
  • Type: Secondary
    CWE-787

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | google | android | 11.0 | Yes |
| Operating System | google | android | 12.0 | Yes |
| Operating System | google | android | 13.0 | Yes |
| Operating System | google | android | 14.0 | Yes |
| Hardware | mediatek | mt5583 | - | No |
| Hardware | mediatek | mt5586 | - | No |
| Hardware | mediatek | mt5691 | - | No |
| Hardware | mediatek | mt5695 | - | No |
| Hardware | mediatek | mt5696 | - | No |
| Hardware | mediatek | mt9010 | - | No |
| Hardware | mediatek | mt9011 | - | No |
| Hardware | mediatek | mt9012 | - | No |
| Hardware | mediatek | mt9015 | - | No |
| Hardware | mediatek | mt9016 | - | No |
| Hardware | mediatek | mt9020 | - | No |
| Hardware | mediatek | mt9021 | - | No |
| Hardware | mediatek | mt9022 | - | No |
| Hardware | mediatek | mt9025 | - | No |
| Hardware | mediatek | mt9026 | - | No |
| Hardware | mediatek | mt9216 | - | No |
| Hardware | mediatek | mt9218 | - | No |
| Hardware | mediatek | mt9220 | - | No |
| Hardware | mediatek | mt9221 | - | No |
| Hardware | mediatek | mt9222 | - | No |
| Hardware | mediatek | mt9255 | - | No |
| Hardware | mediatek | mt9256 | - | No |
| Hardware | mediatek | mt9266 | - | No |
| Hardware | mediatek | mt9269 | - | No |
| Hardware | mediatek | mt9286 | - | No |
| Hardware | mediatek | mt9288 | - | No |
| Hardware | mediatek | mt9602 | - | No |
| Hardware | mediatek | mt9603 | - | No |
| Hardware | mediatek | mt9610 | - | No |
| Hardware | mediatek | mt9611 | - | No |
| Hardware | mediatek | mt9612 | - | No |
| Hardware | mediatek | mt9613 | - | No |
| Hardware | mediatek | mt9615 | - | No |
| Hardware | mediatek | mt9617 | - | No |
| Hardware | mediatek | mt9618 | - | No |
| Hardware | mediatek | mt9629 | - | No |
| Hardware | mediatek | mt9630 | - | No |
| Hardware | mediatek | mt9631 | - | No |
| Hardware | mediatek | mt9632 | - | No |
| Hardware | mediatek | mt9633 | - | No |
| Hardware | mediatek | mt9636 | - | No |
| Hardware | mediatek | mt9638 | - | No |
| Hardware | mediatek | mt9639 | - | No |
| Hardware | mediatek | mt9649 | - | No |
| Hardware | mediatek | mt9650 | - | No |
| Hardware | mediatek | mt9652 | - | No |
| Hardware | mediatek | mt9653 | - | No |
| Hardware | mediatek | mt9660 | - | No |
| Hardware | mediatek | mt9666 | - | No |
| Hardware | mediatek | mt9667 | - | No |
| Hardware | mediatek | mt9669 | - | No |
| Hardware | mediatek | mt9671 | - | No |
| Hardware | mediatek | mt9675 | - | No |
| Hardware | mediatek | mt9679 | - | No |
| Hardware | mediatek | mt9685 | - | No |
| Hardware | mediatek | mt9686 | - | No |
| Hardware | mediatek | mt9688 | - | No |
| Hardware | mediatek | mt9689 | - | No |

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For google's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.