Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0231
Vulnerability from certfr_avis - Published: 2026-03-03 - Updated: 2026-03-03
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Google indique que la vulnérabilité CVE-2026-21385 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Android versions ant\u00e9rieures \u00e0 14, 15, 16, 16-qpr2 sans les correctifs de mars 2026",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-61612",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61612"
},
{
"name": "CVE-2026-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0005"
},
{
"name": "CVE-2026-20403",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20403"
},
{
"name": "CVE-2025-58409",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58409"
},
{
"name": "CVE-2025-48644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48644"
},
{
"name": "CVE-2025-48544",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48544"
},
{
"name": "CVE-2026-20425",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20425"
},
{
"name": "CVE-2025-47398",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47398"
},
{
"name": "CVE-2026-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0015"
},
{
"name": "CVE-2026-20422",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20422"
},
{
"name": "CVE-2025-64783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64783"
},
{
"name": "CVE-2026-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0026"
},
{
"name": "CVE-2026-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0014"
},
{
"name": "CVE-2026-20406",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20406"
},
{
"name": "CVE-2025-48577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48577"
},
{
"name": "CVE-2024-43766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43766"
},
{
"name": "CVE-2025-58407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58407"
},
{
"name": "CVE-2026-21735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21735"
},
{
"name": "CVE-2026-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0013"
},
{
"name": "CVE-2025-47388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47388"
},
{
"name": "CVE-2025-61616",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61616"
},
{
"name": "CVE-2025-58411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58411"
},
{
"name": "CVE-2025-47339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47339"
},
{
"name": "CVE-2025-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2879"
},
{
"name": "CVE-2026-20426",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20426"
},
{
"name": "CVE-2026-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0030"
},
{
"name": "CVE-2025-48578",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48578"
},
{
"name": "CVE-2026-20428",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20428"
},
{
"name": "CVE-2025-48568",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48568"
},
{
"name": "CVE-2025-48641",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48641"
},
{
"name": "CVE-2025-47366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47366"
},
{
"name": "CVE-2025-48650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48650"
},
{
"name": "CVE-2026-0011",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0011"
},
{
"name": "CVE-2026-20420",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20420"
},
{
"name": "CVE-2026-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0023"
},
{
"name": "CVE-2026-20401",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20401"
},
{
"name": "CVE-2026-0017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0017"
},
{
"name": "CVE-2025-58408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58408"
},
{
"name": "CVE-2025-47397",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47397"
},
{
"name": "CVE-2025-13952",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13952"
},
{
"name": "CVE-2026-0031",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0031"
},
{
"name": "CVE-2025-47395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47395"
},
{
"name": "CVE-2026-20404",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20404"
},
{
"name": "CVE-2026-0020",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0020"
},
{
"name": "CVE-2025-48630",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48630"
},
{
"name": "CVE-2025-48585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48585"
},
{
"name": "CVE-2025-48635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48635"
},
{
"name": "CVE-2025-48567",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48567"
},
{
"name": "CVE-2025-48574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48574"
},
{
"name": "CVE-2026-0035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0035"
},
{
"name": "CVE-2026-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0024"
},
{
"name": "CVE-2025-64893",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64893"
},
{
"name": "CVE-2025-48634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48634"
},
{
"name": "CVE-2025-47396",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47396"
},
{
"name": "CVE-2025-48653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48653"
},
{
"name": "CVE-2026-0032",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0032"
},
{
"name": "CVE-2026-20427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20427"
},
{
"name": "CVE-2025-38616",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38616"
},
{
"name": "CVE-2025-69279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69279"
},
{
"name": "CVE-2026-20434",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20434"
},
{
"name": "CVE-2025-48642",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48642"
},
{
"name": "CVE-2026-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0025"
},
{
"name": "CVE-2025-20761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20761"
},
{
"name": "CVE-2025-10865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10865"
},
{
"name": "CVE-2025-48587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48587"
},
{
"name": "CVE-2026-0038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0038"
},
{
"name": "CVE-2025-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48619"
},
{
"name": "CVE-2025-47378",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47378"
},
{
"name": "CVE-2025-48613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48613"
},
{
"name": "CVE-2025-47402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47402"
},
{
"name": "CVE-2025-47346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47346"
},
{
"name": "CVE-2026-0006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0006"
},
{
"name": "CVE-2025-40266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40266"
},
{
"name": "CVE-2025-69278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69278"
},
{
"name": "CVE-2026-20421",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20421"
},
{
"name": "CVE-2025-48646",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48646"
},
{
"name": "CVE-2025-48609",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48609"
},
{
"name": "CVE-2025-47394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47394"
},
{
"name": "CVE-2025-48631",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48631"
},
{
"name": "CVE-2026-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0010"
},
{
"name": "CVE-2025-61614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61614"
},
{
"name": "CVE-2025-32313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32313"
},
{
"name": "CVE-2026-20402",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20402"
},
{
"name": "CVE-2026-21385",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21385"
},
{
"name": "CVE-2025-47385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47385"
},
{
"name": "CVE-2026-0007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0007"
},
{
"name": "CVE-2025-20794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20794"
},
{
"name": "CVE-2026-0034",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0034"
},
{
"name": "CVE-2026-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0012"
},
{
"name": "CVE-2026-0008",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0008"
},
{
"name": "CVE-2026-0047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0047"
},
{
"name": "CVE-2024-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43859"
},
{
"name": "CVE-2025-48602",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48602"
},
{
"name": "CVE-2025-61615",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61615"
},
{
"name": "CVE-2026-0028",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0028"
},
{
"name": "CVE-2025-48654",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48654"
},
{
"name": "CVE-2025-48605",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48605"
},
{
"name": "CVE-2025-47348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47348"
},
{
"name": "CVE-2025-20795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20795"
},
{
"name": "CVE-2025-59600",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59600"
},
{
"name": "CVE-2025-20760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20760"
},
{
"name": "CVE-2025-64784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64784"
},
{
"name": "CVE-2025-61613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61613"
},
{
"name": "CVE-2025-20762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20762"
},
{
"name": "CVE-2025-38618",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38618"
},
{
"name": "CVE-2025-20793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20793"
},
{
"name": "CVE-2025-48582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48582"
},
{
"name": "CVE-2026-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0027"
},
{
"name": "CVE-2025-39946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39946"
},
{
"name": "CVE-2026-0021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0021"
},
{
"name": "CVE-2025-39682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39682"
},
{
"name": "CVE-2026-0037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0037"
},
{
"name": "CVE-2025-48645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48645"
},
{
"name": "CVE-2025-48579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48579"
},
{
"name": "CVE-2026-20405",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20405"
},
{
"name": "CVE-2026-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0029"
}
],
"initial_release_date": "2026-03-03T00:00:00",
"last_revision_date": "2026-03-03T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0231",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nGoogle indique que la vuln\u00e9rabilit\u00e9 CVE-2026-21385 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 Google Android",
"url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01?hl=fr"
}
]
}
CVE-2026-20401 (GCVE-0-2026-20401)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT6833 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT8675 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8797 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T17:56:56.526259Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:18:07.056Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8797"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:32.990Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20401",
"datePublished": "2026-02-02T08:14:35.625Z",
"dateReserved": "2025-11-03T01:30:59.006Z",
"dateUpdated": "2026-03-30T13:02:32.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20402 (GCVE-0-2026-20402)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00693083; Issue ID: MSV-5928.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT6833 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT8675 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8797 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:17:13.680775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:17:23.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8797"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00693083; Issue ID: MSV-5928."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:35.777Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20402",
"datePublished": "2026-02-02T08:14:38.923Z",
"dateReserved": "2025-11-03T01:30:59.007Z",
"dateUpdated": "2026-03-30T13:02:35.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20403 (GCVE-0-2026-20403)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20403",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:15:17.296300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:15:26.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:43.931Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20403",
"datePublished": "2026-02-02T08:14:45.891Z",
"dateReserved": "2025-11-03T01:30:59.007Z",
"dateUpdated": "2026-03-30T13:02:43.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20404 (GCVE-0-2026-20404)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:14:30.224452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:14:45.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:46.700Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20404",
"datePublished": "2026-02-02T08:14:48.928Z",
"dateReserved": "2025-11-03T01:30:59.007Z",
"dateUpdated": "2026-03-30T13:02:46.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20405 (GCVE-0-2026-20405)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:14:10.553618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:14:19.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:49.377Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20405",
"datePublished": "2026-02-02T08:14:50.854Z",
"dateReserved": "2025-11-03T01:30:59.007Z",
"dateUpdated": "2026-03-30T13:02:49.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20406 (GCVE-0-2026-20406)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:13:31.407121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:13:54.700Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:51.973Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20406",
"datePublished": "2026-02-02T08:14:52.889Z",
"dateReserved": "2025-11-03T01:30:59.007Z",
"dateUpdated": "2026-03-30T13:02:51.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20420 (GCVE-0-2026-20420)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8676 Affected: MT8791 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20420",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-02T18:47:39.179344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:18:26.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8791"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:30.303Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20420",
"datePublished": "2026-02-02T08:14:32.385Z",
"dateReserved": "2025-11-03T01:30:59.010Z",
"dateUpdated": "2026-03-30T13:02:30.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20421 (GCVE-0-2026-20421)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738293; Issue ID: MSV-5922.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT6833 Affected: MT6853 Affected: MT6855 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT8791 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:16:27.641367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:16:39.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT8791"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738293; Issue ID: MSV-5922."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:38.436Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20421",
"datePublished": "2026-02-02T08:14:41.044Z",
"dateReserved": "2025-11-03T01:30:59.010Z",
"dateUpdated": "2026-03-30T13:02:38.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20422 (GCVE-0-2026-20422)
Vulnerability from cvelistv5 – Published: 2026-02-02 08:14 – Updated: 2026-03-30 13:02
VLAI
EPSS
Summary
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT2735
Affected: MT2737 Affected: MT6813 Affected: MT6815 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6858 Affected: MT6873 Affected: MT6875 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6880 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6890 Affected: MT6891 Affected: MT6893 Affected: MT6895 Affected: MT6896 Affected: MT6897 Affected: MT6899 Affected: MT6980 Affected: MT6983 Affected: MT6985 Affected: MT6986 Affected: MT6989 Affected: MT6990 Affected: MT6991 Affected: MT6993 Affected: MT8668 Affected: MT8673 Affected: MT8675 Affected: MT8676 Affected: MT8678 Affected: MT8755 Affected: MT8771 Affected: MT8775 Affected: MT8791 Affected: MT8791T Affected: MT8792 Affected: MT8793 Affected: MT8795T Affected: MT8797 Affected: MT8798 Affected: MT8863 Affected: MT8873 Affected: MT8883 Affected: MT8893 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20422",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:15:42.769658Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:15:51.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT2735"
},
{
"status": "affected",
"version": "MT2737"
},
{
"status": "affected",
"version": "MT6813"
},
{
"status": "affected",
"version": "MT6815"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6858"
},
{
"status": "affected",
"version": "MT6873"
},
{
"status": "affected",
"version": "MT6875"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6880"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6890"
},
{
"status": "affected",
"version": "MT6891"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6896"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6980"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6986"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6990"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8668"
},
{
"status": "affected",
"version": "MT8673"
},
{
"status": "affected",
"version": "MT8675"
},
{
"status": "affected",
"version": "MT8676"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8755"
},
{
"status": "affected",
"version": "MT8771"
},
{
"status": "affected",
"version": "MT8775"
},
{
"status": "affected",
"version": "MT8791"
},
{
"status": "affected",
"version": "MT8791T"
},
{
"status": "affected",
"version": "MT8792"
},
{
"status": "affected",
"version": "MT8793"
},
{
"status": "affected",
"version": "MT8795T"
},
{
"status": "affected",
"version": "MT8797"
},
{
"status": "affected",
"version": "MT8798"
},
{
"status": "affected",
"version": "MT8863"
},
{
"status": "affected",
"version": "MT8873"
},
{
"status": "affected",
"version": "MT8883"
},
{
"status": "affected",
"version": "MT8893"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:02:41.210Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20422",
"datePublished": "2026-02-02T08:14:43.190Z",
"dateReserved": "2025-11-03T01:30:59.010Z",
"dateUpdated": "2026-03-30T13:02:41.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20425 (GCVE-0-2026-20425)
Vulnerability from cvelistv5 – Published: 2026-03-02 08:38 – Updated: 2026-03-30 13:05
VLAI
EPSS
Summary
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5539.
Severity
6.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MediaTek, Inc. | MediaTek chipset |
Affected:
MT6739
Affected: MT6761 Affected: MT6765 Affected: MT6768 Affected: MT6781 Affected: MT6789 Affected: MT6833 Affected: MT6835 Affected: MT6853 Affected: MT6855 Affected: MT6877 Affected: MT6878 Affected: MT6879 Affected: MT6883 Affected: MT6885 Affected: MT6886 Affected: MT6889 Affected: MT6893 Affected: MT6895 Affected: MT6897 Affected: MT6899 Affected: MT6983 Affected: MT6985 Affected: MT6989 Affected: MT6991 Affected: MT6993 Affected: MT8196 Affected: MT8678 Affected: MT8793 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20425",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-02T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T04:56:05.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MediaTek chipset",
"vendor": "MediaTek, Inc.",
"versions": [
{
"status": "affected",
"version": "MT6739"
},
{
"status": "affected",
"version": "MT6761"
},
{
"status": "affected",
"version": "MT6765"
},
{
"status": "affected",
"version": "MT6768"
},
{
"status": "affected",
"version": "MT6781"
},
{
"status": "affected",
"version": "MT6789"
},
{
"status": "affected",
"version": "MT6833"
},
{
"status": "affected",
"version": "MT6835"
},
{
"status": "affected",
"version": "MT6853"
},
{
"status": "affected",
"version": "MT6855"
},
{
"status": "affected",
"version": "MT6877"
},
{
"status": "affected",
"version": "MT6878"
},
{
"status": "affected",
"version": "MT6879"
},
{
"status": "affected",
"version": "MT6883"
},
{
"status": "affected",
"version": "MT6885"
},
{
"status": "affected",
"version": "MT6886"
},
{
"status": "affected",
"version": "MT6889"
},
{
"status": "affected",
"version": "MT6893"
},
{
"status": "affected",
"version": "MT6895"
},
{
"status": "affected",
"version": "MT6897"
},
{
"status": "affected",
"version": "MT6899"
},
{
"status": "affected",
"version": "MT6983"
},
{
"status": "affected",
"version": "MT6985"
},
{
"status": "affected",
"version": "MT6989"
},
{
"status": "affected",
"version": "MT6991"
},
{
"status": "affected",
"version": "MT6993"
},
{
"status": "affected",
"version": "MT8196"
},
{
"status": "affected",
"version": "MT8678"
},
{
"status": "affected",
"version": "MT8793"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5539."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:05:21.476Z",
"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"shortName": "MediaTek"
},
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/March-2026"
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
"assignerShortName": "MediaTek",
"cveId": "CVE-2026-20425",
"datePublished": "2026-03-02T08:38:59.609Z",
"dateReserved": "2025-11-03T01:30:59.010Z",
"dateUpdated": "2026-03-30T13:05:21.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…