Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
50 vulnerabilities found for nr17r by mediatek
CVE-2026-20422 (GCVE-0-2026-20422)
Vulnerability from nvd – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI?
Summary
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919.
Severity ?
6.5 (Medium)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8775 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20422",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:15:42.769658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:15:51.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8775"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:41.210Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20422",
"datePublished": "2026-02-02T08:14:43.190Z",
"dateReserved": "2025-11-03T01:30:59.010Z",
"dateUpdated": "2026-03-30T13:02:41.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20420 (GCVE-0-2026-20420)
Vulnerability from nvd – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI?
Summary
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935.
Severity ?
6.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8676 Affected: MT8791 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20420",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-02T18:47:39.179344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:18:26.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8791"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:30.303Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20420",
"datePublished": "2026-02-02T08:14:32.385Z",
"dateReserved": "2025-11-03T01:30:59.010Z",
"dateUpdated": "2026-03-30T13:02:30.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20406 (GCVE-0-2026-20406)
Vulnerability from nvd – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI?
Summary
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728.
Severity ?
6.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:13:31.407121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:13:54.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:51.973Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20406",
"datePublished": "2026-02-02T08:14:52.889Z",
"dateReserved": "2025-11-03T01:30:59.007Z",
"dateUpdated": "2026-03-30T13:02:51.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20405 (GCVE-0-2026-20405)
Vulnerability from nvd – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI?
Summary
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818.
Severity ?
6.5 (Medium)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:14:10.553618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:14:19.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:49.377Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20405",
"datePublished": "2026-02-02T08:14:50.854Z",
"dateReserved": "2025-11-03T01:30:59.007Z",
"dateUpdated": "2026-03-30T13:02:49.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20404 (GCVE-0-2026-20404)
Vulnerability from nvd – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI?
Summary
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837.
Severity ?
6.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:14:30.224452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:14:45.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:46.700Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20404",
"datePublished": "2026-02-02T08:14:48.928Z",
"dateReserved": "2025-11-03T01:30:59.007Z",
"dateUpdated": "2026-03-30T13:02:46.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20403 (GCVE-0-2026-20403)
Vulnerability from nvd – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI?
Summary
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843.
Severity ?
6.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:15:17.296300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:15:26.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:43.931Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20403",
"datePublished": "2026-02-02T08:14:45.891Z",
"dateReserved": "2025-11-03T01:30:59.007Z",
"dateUpdated": "2026-03-30T13:02:43.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20794 (GCVE-0-2025-20794)
Vulnerability from nvd – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:03
VLAI?
Summary
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847.
Severity ?
6.5 (Medium)
CWE
- CWE-121 - Stack Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:21:10.532009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:21:13.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:03:54.464Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20794",
"datePublished": "2026-01-06T01:46:31.408Z",
"dateReserved": "2024-11-01T01:21:50.403Z",
"dateUpdated": "2026-03-30T13:03:54.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20793 (GCVE-0-2025-20793)
Vulnerability from nvd – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:03
VLAI?
Summary
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836.
Severity ?
6.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:20:39.628921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:20:42.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:03:56.962Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20793",
"datePublished": "2026-01-06T01:46:33.180Z",
"dateReserved": "2024-11-01T01:21:50.402Z",
"dateUpdated": "2026-03-30T13:03:56.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20758 (GCVE-0-2025-20758)
Vulnerability from nvd – Published: 2025-12-02 02:34 – Updated: 2025-12-02 14:37
VLAI?
Summary
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.
Severity ?
4.9 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:32:24.765697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:37:10.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Modem NR15, NR16, NR17, NR17R"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T02:34:13.024Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20758",
"datePublished": "2025-12-02T02:34:13.024Z",
"dateReserved": "2024-11-01T01:21:50.397Z",
"dateUpdated": "2025-12-02T14:37:10.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20754 (GCVE-0-2025-20754)
Vulnerability from nvd – Published: 2025-12-02 02:34 – Updated: 2025-12-02 14:39
VLAI?
Summary
In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840.
Severity ?
5.3 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:39:36.472352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:39:42.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Modem NR15, NR16, NR17, NR17R"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T02:34:05.891Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20754",
"datePublished": "2025-12-02T02:34:05.891Z",
"dateReserved": "2024-11-01T01:21:50.397Z",
"dateUpdated": "2025-12-02T14:39:42.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20752 (GCVE-0-2025-20752)
Vulnerability from nvd – Published: 2025-12-02 02:34 – Updated: 2026-02-17 14:27
VLAI?
Summary
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301.
Severity ?
6.5 (Medium)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:34:59.384733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:27:10.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8676, MT8791T",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Modem NR15, NR16, NR17, NR17R"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T02:34:18.215Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20752",
"datePublished": "2025-12-02T02:34:18.215Z",
"dateReserved": "2024-11-01T01:21:50.397Z",
"dateUpdated": "2026-02-17T14:27:10.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20727 (GCVE-0-2025-20727)
Vulnerability from nvd – Published: 2025-11-04 06:19 – Updated: 2026-02-26 17:47
VLAI?
Summary
In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.
Severity ?
8.1 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T04:55:36.469461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:28.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8786, MT8788, MT8788E, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Modem LR12A, NR15, NR16, NR17, NR17R"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T06:19:40.087Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/November-2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20727",
"datePublished": "2025-11-04T06:19:40.087Z",
"dateReserved": "2024-11-01T01:21:50.392Z",
"dateUpdated": "2026-02-26T17:47:28.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20726 (GCVE-0-2025-20726)
Vulnerability from nvd – Published: 2025-11-04 06:19 – Updated: 2026-02-26 17:47
VLAI?
Summary
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.
Severity ?
7.5 (High)
CWE
- CWE-122 - Heap Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T04:55:37.259864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:28.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8786, MT8788, MT8788E, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Modem LR12A, NR15, NR16, NR17, NR17R"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T06:19:41.827Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/November-2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20726",
"datePublished": "2025-11-04T06:19:41.827Z",
"dateReserved": "2024-11-01T01:21:50.392Z",
"dateUpdated": "2026-02-26T17:47:28.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20406 (GCVE-0-2026-20406)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI?
Summary
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728.
Severity ?
6.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:13:31.407121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:13:54.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:51.973Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20406",
"datePublished": "2026-02-02T08:14:52.889Z",
"dateReserved": "2025-11-03T01:30:59.007Z",
"dateUpdated": "2026-03-30T13:02:51.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20405 (GCVE-0-2026-20405)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI?
Summary
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818.
Severity ?
6.5 (Medium)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:14:10.553618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:14:19.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:49.377Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20405",
"datePublished": "2026-02-02T08:14:50.854Z",
"dateReserved": "2025-11-03T01:30:59.007Z",
"dateUpdated": "2026-03-30T13:02:49.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20404 (GCVE-0-2026-20404)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI?
Summary
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837.
Severity ?
6.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:14:30.224452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:14:45.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:46.700Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20404",
"datePublished": "2026-02-02T08:14:48.928Z",
"dateReserved": "2025-11-03T01:30:59.007Z",
"dateUpdated": "2026-03-30T13:02:46.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20403 (GCVE-0-2026-20403)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI?
Summary
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843.
Severity ?
6.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:15:17.296300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:15:26.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:43.931Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20403",
"datePublished": "2026-02-02T08:14:45.891Z",
"dateReserved": "2025-11-03T01:30:59.007Z",
"dateUpdated": "2026-03-30T13:02:43.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20422 (GCVE-0-2026-20422)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI?
Summary
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919.
Severity ?
6.5 (Medium)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8775 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20422",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:15:42.769658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:15:51.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8775"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:41.210Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20422",
"datePublished": "2026-02-02T08:14:43.190Z",
"dateReserved": "2025-11-03T01:30:59.010Z",
"dateUpdated": "2026-03-30T13:02:41.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20420 (GCVE-0-2026-20420)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI?
Summary
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935.
Severity ?
6.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8676 Affected: MT8791 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20420",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-02T18:47:39.179344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:18:26.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8791"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:30.303Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20420",
"datePublished": "2026-02-02T08:14:32.385Z",
"dateReserved": "2025-11-03T01:30:59.010Z",
"dateUpdated": "2026-03-30T13:02:30.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20793 (GCVE-0-2025-20793)
Vulnerability from cvelistv5 – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:03
VLAI?
Summary
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836.
Severity ?
6.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:20:39.628921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:20:42.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:03:56.962Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20793",
"datePublished": "2026-01-06T01:46:33.180Z",
"dateReserved": "2024-11-01T01:21:50.402Z",
"dateUpdated": "2026-03-30T13:03:56.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20794 (GCVE-0-2025-20794)
Vulnerability from cvelistv5 – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:03
VLAI?
Summary
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847.
Severity ?
6.5 (Medium)
CWE
- CWE-121 - Stack Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20794",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:21:10.532009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:21:13.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:03:54.464Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20794",
"datePublished": "2026-01-06T01:46:31.408Z",
"dateReserved": "2024-11-01T01:21:50.403Z",
"dateUpdated": "2026-03-30T13:03:54.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20752 (GCVE-0-2025-20752)
Vulnerability from cvelistv5 – Published: 2025-12-02 02:34 – Updated: 2026-02-17 14:27
VLAI?
Summary
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301.
Severity ?
6.5 (Medium)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:34:59.384733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:27:10.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8676, MT8791T",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Modem NR15, NR16, NR17, NR17R"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T02:34:18.215Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20752",
"datePublished": "2025-12-02T02:34:18.215Z",
"dateReserved": "2024-11-01T01:21:50.397Z",
"dateUpdated": "2026-02-17T14:27:10.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20758 (GCVE-0-2025-20758)
Vulnerability from cvelistv5 – Published: 2025-12-02 02:34 – Updated: 2025-12-02 14:37
VLAI?
Summary
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.
Severity ?
4.9 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:32:24.765697Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:37:10.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Modem NR15, NR16, NR17, NR17R"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T02:34:13.024Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20758",
"datePublished": "2025-12-02T02:34:13.024Z",
"dateReserved": "2024-11-01T01:21:50.397Z",
"dateUpdated": "2025-12-02T14:37:10.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20754 (GCVE-0-2025-20754)
Vulnerability from cvelistv5 – Published: 2025-12-02 02:34 – Updated: 2025-12-02 14:39
VLAI?
Summary
In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840.
Severity ?
5.3 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T14:39:36.472352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T14:39:42.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Modem NR15, NR16, NR17, NR17R"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T02:34:05.891Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20754",
"datePublished": "2025-12-02T02:34:05.891Z",
"dateReserved": "2024-11-01T01:21:50.397Z",
"dateUpdated": "2025-12-02T14:39:42.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20726 (GCVE-0-2025-20726)
Vulnerability from cvelistv5 – Published: 2025-11-04 06:19 – Updated: 2026-02-26 17:47
VLAI?
Summary
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.
Severity ?
7.5 (High)
CWE
- CWE-122 - Heap Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T04:55:37.259864Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:28.321Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8786, MT8788, MT8788E, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Modem LR12A, NR15, NR16, NR17, NR17R"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T06:19:41.827Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/November-2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20726",
"datePublished": "2025-11-04T06:19:41.827Z",
"dateReserved": "2024-11-01T01:21:50.392Z",
"dateUpdated": "2026-02-26T17:47:28.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20727 (GCVE-0-2025-20727)
Vulnerability from cvelistv5 – Published: 2025-11-04 06:19 – Updated: 2026-02-26 17:47
VLAI?
Summary
In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.
Severity ?
8.1 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-20727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-05T04:55:36.469461Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:47:28.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8786, MT8788, MT8788E, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "Modem LR12A, NR15, NR16, NR17, NR17R"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T06:19:40.087Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/November-2025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2025-20727",
"datePublished": "2025-11-04T06:19:40.087Z",
"dateReserved": "2024-11-01T01:21:50.392Z",
"dateUpdated": "2026-02-26T17:47:28.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-202512-0754
Vulnerability from variot - Updated: 2025-12-19 23:00In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202512-0754",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nr17",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr17r",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr16",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr15",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20758"
}
]
},
"cve": "CVE-2025-20758",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"id": "CVE-2025-20758",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-20758",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20758"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20758"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-20758",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20758"
}
]
},
"id": "VAR-202512-0754",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.35416666
},
"last_update_date": "2025-12-19T23:00:11.066000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-248",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20758"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://corp.mediatek.com/product-security-bulletin/december-2025"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20758"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-20758"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-02T03:16:17.187000",
"db": "NVD",
"id": "CVE-2025-20758"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-03T21:37:31.440000",
"db": "NVD",
"id": "CVE-2025-20758"
}
]
}
}
VAR-202512-1520
Vulnerability from variot - Updated: 2025-12-19 22:38In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202512-1520",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nr17",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr15",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr17r",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr16",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20752"
}
]
},
"cve": "CVE-2025-20752",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2025-20752",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-20752",
"trust": 1.0,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20752"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301.",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20752"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-20752",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20752"
}
]
},
"id": "VAR-202512-1520",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.35416666
},
"last_update_date": "2025-12-19T22:38:34.421000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-617",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20752"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://corp.mediatek.com/product-security-bulletin/december-2025"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20752"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-20752"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-02T03:16:16.353000",
"db": "NVD",
"id": "CVE-2025-20752"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-12-04T13:34:14.127000",
"db": "NVD",
"id": "CVE-2025-20752"
}
]
}
}
VAR-202511-1774
Vulnerability from variot - Updated: 2025-11-20 23:28In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202511-1774",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lr12a",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr17r",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr17",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr15",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr16",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20727"
}
]
},
"cve": "CVE-2025-20727",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2025-20727",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-20727",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20727"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20727"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-20727",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20727"
}
]
},
"id": "VAR-202511-1774",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3333333266666667
},
"last_update_date": "2025-11-20T23:28:09.740000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20727"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://corp.mediatek.com/product-security-bulletin/november-2025"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20727"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-20727"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-11-04T07:15:34.540000",
"db": "NVD",
"id": "CVE-2025-20727"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-11-05T18:40:42.667000",
"db": "NVD",
"id": "CVE-2025-20727"
}
]
}
}
VAR-202511-1256
Vulnerability from variot - Updated: 2025-11-20 23:10In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202511-1256",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lr12a",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr17r",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr17",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr15",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
},
{
"model": "nr16",
"scope": "eq",
"trust": 1.0,
"vendor": "mediatek",
"version": null
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20726"
}
]
},
"cve": "CVE-2025-20726",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2025-20726",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2025-20726",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20726"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.",
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20726"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-20726",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20726"
}
]
},
"id": "VAR-202511-1256",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3333333266666667
},
"last_update_date": "2025-11-20T23:10:23.896000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20726"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://corp.mediatek.com/product-security-bulletin/november-2025"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2025-20726"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2025-20726"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-11-04T07:15:34.037000",
"db": "NVD",
"id": "CVE-2025-20726"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-11-05T17:16:04.053000",
"db": "NVD",
"id": "CVE-2025-20726"
}
]
}
}