Search

Find a vulnerability

Search criteria

    50 vulnerabilities found for nr17r by mediatek

    CVE-2026-20422 (GCVE-0-2026-20422)

    Vulnerability from nvd – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
    VLAI
    Summary
    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6858
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6986
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8668
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8678
    Affected: MT8755
    Affected: MT8771
    Affected: MT8775
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8863
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20422",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:15:42.769658Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:15:51.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6858"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6986"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8668"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8755"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8775"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8863"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:02:41.210Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20422",
        "datePublished": "2026-02-02T08:14:43.190Z",
        "dateReserved": "2025-11-03T01:30:59.010Z",
        "dateUpdated": "2026-03-30T13:02:41.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20420 (GCVE-0-2026-20420)

    Vulnerability from nvd – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
    VLAI
    Summary
    In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6858
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6986
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8676
    Affected: MT8791
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-02T18:47:39.179344Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:18:26.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6858"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6986"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:02:30.303Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20420",
        "datePublished": "2026-02-02T08:14:32.385Z",
        "dateReserved": "2025-11-03T01:30:59.010Z",
        "dateUpdated": "2026-03-30T13:02:30.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20406 (GCVE-0-2026-20406)

    Vulnerability from nvd – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
    VLAI
    Summary
    In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6858
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6986
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8668
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8678
    Affected: MT8755
    Affected: MT8771
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8863
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20406",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:13:31.407121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:13:54.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6858"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6986"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8668"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8755"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8863"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:02:51.973Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20406",
        "datePublished": "2026-02-02T08:14:52.889Z",
        "dateReserved": "2025-11-03T01:30:59.007Z",
        "dateUpdated": "2026-03-30T13:02:51.973Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20405 (GCVE-0-2026-20405)

    Vulnerability from nvd – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
    VLAI
    Summary
    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6858
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6986
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8668
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8678
    Affected: MT8755
    Affected: MT8771
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8863
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20405",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:14:10.553618Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:14:19.474Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6858"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6986"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8668"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8755"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8863"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:02:49.377Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20405",
        "datePublished": "2026-02-02T08:14:50.854Z",
        "dateReserved": "2025-11-03T01:30:59.007Z",
        "dateUpdated": "2026-03-30T13:02:49.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20404 (GCVE-0-2026-20404)

    Vulnerability from nvd – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
    VLAI
    Summary
    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6858
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6986
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8668
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8678
    Affected: MT8755
    Affected: MT8771
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8863
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20404",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:14:30.224452Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:14:45.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6858"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6986"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8668"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8755"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8863"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:02:46.700Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20404",
        "datePublished": "2026-02-02T08:14:48.928Z",
        "dateReserved": "2025-11-03T01:30:59.007Z",
        "dateUpdated": "2026-03-30T13:02:46.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20403 (GCVE-0-2026-20403)

    Vulnerability from nvd – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
    VLAI
    Summary
    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8771
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20403",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:15:17.296300Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:15:26.288Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:02:43.931Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20403",
        "datePublished": "2026-02-02T08:14:45.891Z",
        "dateReserved": "2025-11-03T01:30:59.007Z",
        "dateUpdated": "2026-03-30T13:02:43.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20794 (GCVE-0-2025-20794)

    Vulnerability from nvd – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:03
    VLAI
    Summary
    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6986
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8678
    Affected: MT8755
    Affected: MT8771
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8863
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20794",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:21:10.532009Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:21:13.568Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6986"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8755"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8863"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:03:54.464Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20794",
        "datePublished": "2026-01-06T01:46:31.408Z",
        "dateReserved": "2024-11-01T01:21:50.403Z",
        "dateUpdated": "2026-03-30T13:03:54.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20793 (GCVE-0-2025-20793)

    Vulnerability from nvd – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:03
    VLAI
    Summary
    In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8678
    Affected: MT8755
    Affected: MT8771
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8863
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:20:39.628921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:20:42.396Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8755"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8863"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:03:56.962Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20793",
        "datePublished": "2026-01-06T01:46:33.180Z",
        "dateReserved": "2024-11-01T01:21:50.402Z",
        "dateUpdated": "2026-03-30T13:03:56.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20758 (GCVE-0-2025-20758)

    Vulnerability from nvd – Published: 2025-12-02 02:34 – Updated: 2025-12-02 14:37
    VLAI
    Summary
    In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 4.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20758",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T14:32:24.765697Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-02T14:37:10.220Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modem NR15, NR16, NR17, NR17R"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248 Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-02T02:34:13.024Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20758",
        "datePublished": "2025-12-02T02:34:13.024Z",
        "dateReserved": "2024-11-01T01:21:50.397Z",
        "dateUpdated": "2025-12-02T14:37:10.220Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20754 (GCVE-0-2025-20754)

    Vulnerability from nvd – Published: 2025-12-02 02:34 – Updated: 2025-12-02 14:39
    VLAI
    Summary
    In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20754",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T14:39:36.472352Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-02T14:39:42.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modem NR15, NR16, NR17, NR17R"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248 Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-02T02:34:05.891Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20754",
        "datePublished": "2025-12-02T02:34:05.891Z",
        "dateReserved": "2024-11-01T01:21:50.397Z",
        "dateUpdated": "2025-12-02T14:39:42.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20752 (GCVE-0-2025-20752)

    Vulnerability from nvd – Published: 2025-12-02 02:34 – Updated: 2026-02-17 14:27
    VLAI
    Summary
    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20752",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T14:34:59.384733Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:27:10.658Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8676, MT8791T",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modem NR15, NR16, NR17, NR17R"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-02T02:34:18.215Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20752",
        "datePublished": "2025-12-02T02:34:18.215Z",
        "dateReserved": "2024-11-01T01:21:50.397Z",
        "dateUpdated": "2026-02-17T14:27:10.658Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20727 (GCVE-0-2025-20727)

    Vulnerability from nvd – Published: 2025-11-04 06:19 – Updated: 2026-02-26 17:47
    VLAI
    Summary
    In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20727",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-05T04:55:36.469461Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:28.676Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8786, MT8788, MT8788E, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modem LR12A, NR15, NR16, NR17, NR17R"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-04T06:19:40.087Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/November-2025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20727",
        "datePublished": "2025-11-04T06:19:40.087Z",
        "dateReserved": "2024-11-01T01:21:50.392Z",
        "dateUpdated": "2026-02-26T17:47:28.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20726 (GCVE-0-2025-20726)

    Vulnerability from nvd – Published: 2025-11-04 06:19 – Updated: 2026-02-26 17:47
    VLAI
    Summary
    In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20726",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-05T04:55:37.259864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:28.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8786, MT8788, MT8788E, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modem LR12A, NR15, NR16, NR17, NR17R"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-04T06:19:41.827Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/November-2025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20726",
        "datePublished": "2025-11-04T06:19:41.827Z",
        "dateReserved": "2024-11-01T01:21:50.392Z",
        "dateUpdated": "2026-02-26T17:47:28.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20406 (GCVE-0-2026-20406)

    Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
    VLAI
    Summary
    In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6858
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6986
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8668
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8678
    Affected: MT8755
    Affected: MT8771
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8863
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20406",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:13:31.407121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:13:54.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6858"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6986"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8668"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8755"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8863"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:02:51.973Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20406",
        "datePublished": "2026-02-02T08:14:52.889Z",
        "dateReserved": "2025-11-03T01:30:59.007Z",
        "dateUpdated": "2026-03-30T13:02:51.973Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20405 (GCVE-0-2026-20405)

    Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
    VLAI
    Summary
    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6858
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6986
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8668
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8678
    Affected: MT8755
    Affected: MT8771
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8863
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20405",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:14:10.553618Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:14:19.474Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6858"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6986"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8668"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8755"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8863"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:02:49.377Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20405",
        "datePublished": "2026-02-02T08:14:50.854Z",
        "dateReserved": "2025-11-03T01:30:59.007Z",
        "dateUpdated": "2026-03-30T13:02:49.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20404 (GCVE-0-2026-20404)

    Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
    VLAI
    Summary
    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6858
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6986
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8668
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8678
    Affected: MT8755
    Affected: MT8771
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8863
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20404",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:14:30.224452Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:14:45.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6858"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6986"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8668"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8755"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8863"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:02:46.700Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20404",
        "datePublished": "2026-02-02T08:14:48.928Z",
        "dateReserved": "2025-11-03T01:30:59.007Z",
        "dateUpdated": "2026-03-30T13:02:46.700Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20403 (GCVE-0-2026-20403)

    Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
    VLAI
    Summary
    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8771
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20403",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:15:17.296300Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:15:26.288Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:02:43.931Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20403",
        "datePublished": "2026-02-02T08:14:45.891Z",
        "dateReserved": "2025-11-03T01:30:59.007Z",
        "dateUpdated": "2026-03-30T13:02:43.931Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20422 (GCVE-0-2026-20422)

    Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
    VLAI
    Summary
    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6858
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6986
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8668
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8678
    Affected: MT8755
    Affected: MT8771
    Affected: MT8775
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8863
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20422",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:15:42.769658Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:15:51.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6858"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6986"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8668"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8755"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8775"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8863"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:02:41.210Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20422",
        "datePublished": "2026-02-02T08:14:43.190Z",
        "dateReserved": "2025-11-03T01:30:59.010Z",
        "dateUpdated": "2026-03-30T13:02:41.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-20420 (GCVE-0-2026-20420)

    Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
    VLAI
    Summary
    In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6858
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6986
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8676
    Affected: MT8791
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-02T18:47:39.179344Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:18:26.562Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6858"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6986"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:02:30.303Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2026-20420",
        "datePublished": "2026-02-02T08:14:32.385Z",
        "dateReserved": "2025-11-03T01:30:59.010Z",
        "dateUpdated": "2026-03-30T13:02:30.303Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20793 (GCVE-0-2025-20793)

    Vulnerability from cvelistv5 – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:03
    VLAI
    Summary
    In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8678
    Affected: MT8755
    Affected: MT8771
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8863
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20793",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:20:39.628921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:20:42.396Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8755"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8863"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:03:56.962Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20793",
        "datePublished": "2026-01-06T01:46:33.180Z",
        "dateReserved": "2024-11-01T01:21:50.402Z",
        "dateUpdated": "2026-03-30T13:03:56.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20794 (GCVE-0-2025-20794)

    Vulnerability from cvelistv5 – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:03
    VLAI
    Summary
    In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MediaTek, Inc. MediaTek chipset Affected: MT2735
    Affected: MT2737
    Affected: MT6813
    Affected: MT6815
    Affected: MT6833
    Affected: MT6835
    Affected: MT6853
    Affected: MT6855
    Affected: MT6873
    Affected: MT6875
    Affected: MT6877
    Affected: MT6878
    Affected: MT6879
    Affected: MT6880
    Affected: MT6883
    Affected: MT6885
    Affected: MT6886
    Affected: MT6889
    Affected: MT6890
    Affected: MT6891
    Affected: MT6893
    Affected: MT6895
    Affected: MT6896
    Affected: MT6897
    Affected: MT6899
    Affected: MT6980
    Affected: MT6983
    Affected: MT6985
    Affected: MT6986
    Affected: MT6989
    Affected: MT6990
    Affected: MT6991
    Affected: MT6993
    Affected: MT8673
    Affected: MT8675
    Affected: MT8676
    Affected: MT8678
    Affected: MT8755
    Affected: MT8771
    Affected: MT8791
    Affected: MT8791T
    Affected: MT8792
    Affected: MT8793
    Affected: MT8795T
    Affected: MT8797
    Affected: MT8798
    Affected: MT8863
    Affected: MT8873
    Affected: MT8883
    Affected: MT8893
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20794",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-17T14:21:10.532009Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:21:13.568Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "MediaTek chipset",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "MT2735"
                },
                {
                  "status": "affected",
                  "version": "MT2737"
                },
                {
                  "status": "affected",
                  "version": "MT6813"
                },
                {
                  "status": "affected",
                  "version": "MT6815"
                },
                {
                  "status": "affected",
                  "version": "MT6833"
                },
                {
                  "status": "affected",
                  "version": "MT6835"
                },
                {
                  "status": "affected",
                  "version": "MT6853"
                },
                {
                  "status": "affected",
                  "version": "MT6855"
                },
                {
                  "status": "affected",
                  "version": "MT6873"
                },
                {
                  "status": "affected",
                  "version": "MT6875"
                },
                {
                  "status": "affected",
                  "version": "MT6877"
                },
                {
                  "status": "affected",
                  "version": "MT6878"
                },
                {
                  "status": "affected",
                  "version": "MT6879"
                },
                {
                  "status": "affected",
                  "version": "MT6880"
                },
                {
                  "status": "affected",
                  "version": "MT6883"
                },
                {
                  "status": "affected",
                  "version": "MT6885"
                },
                {
                  "status": "affected",
                  "version": "MT6886"
                },
                {
                  "status": "affected",
                  "version": "MT6889"
                },
                {
                  "status": "affected",
                  "version": "MT6890"
                },
                {
                  "status": "affected",
                  "version": "MT6891"
                },
                {
                  "status": "affected",
                  "version": "MT6893"
                },
                {
                  "status": "affected",
                  "version": "MT6895"
                },
                {
                  "status": "affected",
                  "version": "MT6896"
                },
                {
                  "status": "affected",
                  "version": "MT6897"
                },
                {
                  "status": "affected",
                  "version": "MT6899"
                },
                {
                  "status": "affected",
                  "version": "MT6980"
                },
                {
                  "status": "affected",
                  "version": "MT6983"
                },
                {
                  "status": "affected",
                  "version": "MT6985"
                },
                {
                  "status": "affected",
                  "version": "MT6986"
                },
                {
                  "status": "affected",
                  "version": "MT6989"
                },
                {
                  "status": "affected",
                  "version": "MT6990"
                },
                {
                  "status": "affected",
                  "version": "MT6991"
                },
                {
                  "status": "affected",
                  "version": "MT6993"
                },
                {
                  "status": "affected",
                  "version": "MT8673"
                },
                {
                  "status": "affected",
                  "version": "MT8675"
                },
                {
                  "status": "affected",
                  "version": "MT8676"
                },
                {
                  "status": "affected",
                  "version": "MT8678"
                },
                {
                  "status": "affected",
                  "version": "MT8755"
                },
                {
                  "status": "affected",
                  "version": "MT8771"
                },
                {
                  "status": "affected",
                  "version": "MT8791"
                },
                {
                  "status": "affected",
                  "version": "MT8791T"
                },
                {
                  "status": "affected",
                  "version": "MT8792"
                },
                {
                  "status": "affected",
                  "version": "MT8793"
                },
                {
                  "status": "affected",
                  "version": "MT8795T"
                },
                {
                  "status": "affected",
                  "version": "MT8797"
                },
                {
                  "status": "affected",
                  "version": "MT8798"
                },
                {
                  "status": "affected",
                  "version": "MT8863"
                },
                {
                  "status": "affected",
                  "version": "MT8873"
                },
                {
                  "status": "affected",
                  "version": "MT8883"
                },
                {
                  "status": "affected",
                  "version": "MT8893"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-30T13:03:54.464Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20794",
        "datePublished": "2026-01-06T01:46:31.408Z",
        "dateReserved": "2024-11-01T01:21:50.403Z",
        "dateUpdated": "2026-03-30T13:03:54.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20752 (GCVE-0-2025-20752)

    Vulnerability from cvelistv5 – Published: 2025-12-02 02:34 – Updated: 2026-02-17 14:27
    VLAI
    Summary
    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "ADJACENT_NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20752",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T14:34:59.384733Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-17T14:27:10.658Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8676, MT8791T",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modem NR15, NR16, NR17, NR17R"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-02T02:34:18.215Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20752",
        "datePublished": "2025-12-02T02:34:18.215Z",
        "dateReserved": "2024-11-01T01:21:50.397Z",
        "dateUpdated": "2026-02-17T14:27:10.658Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20758 (GCVE-0-2025-20758)

    Vulnerability from cvelistv5 – Published: 2025-12-02 02:34 – Updated: 2025-12-02 14:37
    VLAI
    Summary
    In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 4.9,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "HIGH",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20758",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T14:32:24.765697Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-02T14:37:10.220Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modem NR15, NR16, NR17, NR17R"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248 Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-02T02:34:13.024Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20758",
        "datePublished": "2025-12-02T02:34:13.024Z",
        "dateReserved": "2024-11-01T01:21:50.397Z",
        "dateUpdated": "2025-12-02T14:37:10.220Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20754 (GCVE-0-2025-20754)

    Vulnerability from cvelistv5 – Published: 2025-12-02 02:34 – Updated: 2025-12-02 14:39
    VLAI
    Summary
    In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20754",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-02T14:39:36.472352Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-02T14:39:42.567Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modem NR15, NR16, NR17, NR17R"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689251; Issue ID: MSV-4840."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-248",
                  "description": "CWE-248 Uncaught Exception",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-02T02:34:05.891Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20754",
        "datePublished": "2025-12-02T02:34:05.891Z",
        "dateReserved": "2024-11-01T01:21:50.397Z",
        "dateUpdated": "2025-12-02T14:39:42.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20726 (GCVE-0-2025-20726)

    Vulnerability from cvelistv5 – Published: 2025-11-04 06:19 – Updated: 2026-02-26 17:47
    VLAI
    Summary
    In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20726",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-05T04:55:37.259864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:28.321Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8786, MT8788, MT8788E, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modem LR12A, NR15, NR16, NR17, NR17R"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-04T06:19:41.827Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/November-2025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20726",
        "datePublished": "2025-11-04T06:19:41.827Z",
        "dateReserved": "2024-11-01T01:21:50.392Z",
        "dateUpdated": "2026-02-26T17:47:28.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20727 (GCVE-0-2025-20727)

    Vulnerability from cvelistv5 – Published: 2025-11-04 06:19 – Updated: 2026-02-26 17:47
    VLAI
    Summary
    In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20727",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-05T04:55:36.469461Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:28.676Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8786, MT8788, MT8788E, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893",
              "vendor": "MediaTek, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "Modem LR12A, NR15, NR16, NR17, NR17R"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-04T06:19:40.087Z",
            "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
            "shortName": "MediaTek"
          },
          "references": [
            {
              "url": "https://corp.mediatek.com/product-security-bulletin/November-2025"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "assignerShortName": "MediaTek",
        "cveId": "CVE-2025-20727",
        "datePublished": "2025-11-04T06:19:40.087Z",
        "dateReserved": "2024-11-01T01:21:50.392Z",
        "dateUpdated": "2026-02-26T17:47:28.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-202512-0754

    Vulnerability from variot - Updated: 2025-12-19 23:00

    In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202512-0754",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nr17",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr17r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20758"
          }
        ]
      },
      "cve": "CVE-2025-20758",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 1.2,
                "id": "CVE-2025-20758",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-20758",
                "trust": 1.0,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20758"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20758"
          }
        ],
        "trust": 1.0
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-20758",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20758"
          }
        ]
      },
      "id": "VAR-202512-0754",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.35416666
      },
      "last_update_date": "2025-12-19T23:00:11.066000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-248",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20758"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://corp.mediatek.com/product-security-bulletin/december-2025"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20758"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-20758"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-12-02T03:16:17.187000",
            "db": "NVD",
            "id": "CVE-2025-20758"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-12-03T21:37:31.440000",
            "db": "NVD",
            "id": "CVE-2025-20758"
          }
        ]
      }
    }

    VAR-202512-1520

    Vulnerability from variot - Updated: 2025-12-19 22:38

    In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202512-1520",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nr17",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr17r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20752"
          }
        ]
      },
      "cve": "CVE-2025-20752",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2025-20752",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-20752",
                "trust": 1.0,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20752"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20752"
          }
        ],
        "trust": 1.0
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-20752",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20752"
          }
        ]
      },
      "id": "VAR-202512-1520",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.35416666
      },
      "last_update_date": "2025-12-19T22:38:34.421000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-617",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20752"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://corp.mediatek.com/product-security-bulletin/december-2025"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20752"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-20752"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-12-02T03:16:16.353000",
            "db": "NVD",
            "id": "CVE-2025-20752"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-12-04T13:34:14.127000",
            "db": "NVD",
            "id": "CVE-2025-20752"
          }
        ]
      }
    }

    VAR-202511-1774

    Vulnerability from variot - Updated: 2025-11-20 23:28

    In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202511-1774",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lr12a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr17r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr17",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20727"
          }
        ]
      },
      "cve": "CVE-2025-20727",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2025-20727",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-20727",
                "trust": 1.0,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20727"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20727"
          }
        ],
        "trust": 1.0
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-20727",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20727"
          }
        ]
      },
      "id": "VAR-202511-1774",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3333333266666667
      },
      "last_update_date": "2025-11-20T23:28:09.740000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20727"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://corp.mediatek.com/product-security-bulletin/november-2025"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20727"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-20727"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-04T07:15:34.540000",
            "db": "NVD",
            "id": "CVE-2025-20727"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-05T18:40:42.667000",
            "db": "NVD",
            "id": "CVE-2025-20727"
          }
        ]
      }
    }

    VAR-202511-1256

    Vulnerability from variot - Updated: 2025-11-20 23:10

    In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202511-1256",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "lr12a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr17r",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr17",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr15",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          },
          {
            "model": "nr16",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mediatek",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20726"
          }
        ]
      },
      "cve": "CVE-2025-20726",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2025-20726",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2025-20726",
                "trust": 1.0,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20726"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20726"
          }
        ],
        "trust": 1.0
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-20726",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20726"
          }
        ]
      },
      "id": "VAR-202511-1256",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.3333333266666667
      },
      "last_update_date": "2025-11-20T23:10:23.896000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-122",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-787",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20726"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://corp.mediatek.com/product-security-bulletin/november-2025"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-20726"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-20726"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-04T07:15:34.037000",
            "db": "NVD",
            "id": "CVE-2025-20726"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-11-05T17:16:04.053000",
            "db": "NVD",
            "id": "CVE-2025-20726"
          }
        ]
      }
    }