CVE-2026-20405
BaseFortify
Publication date: 2026-02-02
Last updated on: 2026-02-17
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | nr15 | * |
| mediatek | nr16 | * |
| mediatek | nr17 | * |
| mediatek | nr17r | * |
| mediatek | mt2735 | * |
| mediatek | mt2737 | * |
| mediatek | mt6813 | * |
| mediatek | mt6815 | * |
| mediatek | mt6833 | * |
| mediatek | mt6835 | * |
| mediatek | mt6853 | * |
| mediatek | mt6855 | * |
| mediatek | mt6858 | * |
| mediatek | mt6873 | * |
| mediatek | mt6875 | * |
| mediatek | mt6877 | * |
| mediatek | mt6878 | * |
| mediatek | mt6879 | * |
| mediatek | mt6880 | * |
| mediatek | mt6883 | * |
| mediatek | mt6885 | * |
| mediatek | mt6886 | * |
| mediatek | mt6889 | * |
| mediatek | mt6890 | * |
| mediatek | mt6891 | * |
| mediatek | mt6893 | * |
| mediatek | mt6895 | * |
| mediatek | mt6896 | * |
| mediatek | mt6897 | * |
| mediatek | mt6899 | * |
| mediatek | mt6980 | * |
| mediatek | mt6983 | * |
| mediatek | mt6985 | * |
| mediatek | mt6986 | * |
| mediatek | mt6989 | * |
| mediatek | mt6990 | * |
| mediatek | mt6991 | * |
| mediatek | mt6993 | * |
| mediatek | mt8668 | * |
| mediatek | mt8673 | * |
| mediatek | mt8675 | * |
| mediatek | mt8676 | * |
| mediatek | mt8678 | * |
| mediatek | mt8755 | * |
| mediatek | mt8771 | * |
| mediatek | mt8791 | * |
| mediatek | mt8791t | * |
| mediatek | mt8792 | * |
| mediatek | mt8793 | * |
| mediatek | mt8795t | * |
| mediatek | mt8797 | * |
| mediatek | mt8798 | * |
| mediatek | mt8863 | * |
| mediatek | mt8873 | * |
| mediatek | mt8883 | * |
| mediatek | mt8893 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Modem due to a missing bounds check, which can cause the system to crash. An attacker controlling a rogue base station can exploit this by having a User Equipment (UE) connect to it, leading to a remote denial of service without requiring any user interaction or additional execution privileges.
How can this vulnerability impact me? :
The vulnerability can lead to a remote denial of service condition, causing the affected modem system to crash. This can disrupt normal device operations and connectivity, potentially impacting availability and reliability of services relying on the modem.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified as MOLY01688495 to fix the vulnerability and prevent potential system crashes caused by rogue base stations.