CVE-2026-20420
BaseFortify
Publication date: 2026-02-02
Last updated on: 2026-02-17
Assigner: MediaTek, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | nr15 | * |
| mediatek | nr16 | * |
| mediatek | nr17 | * |
| mediatek | nr17r | * |
| mediatek | mt2735 | * |
| mediatek | mt2737 | * |
| mediatek | mt6813 | * |
| mediatek | mt6815 | * |
| mediatek | mt6833 | * |
| mediatek | mt6835 | * |
| mediatek | mt6853 | * |
| mediatek | mt6855 | * |
| mediatek | mt6858 | * |
| mediatek | mt6873 | * |
| mediatek | mt6875 | * |
| mediatek | mt6877 | * |
| mediatek | mt6878 | * |
| mediatek | mt6879 | * |
| mediatek | mt6880 | * |
| mediatek | mt6883 | * |
| mediatek | mt6885 | * |
| mediatek | mt6886 | * |
| mediatek | mt6889 | * |
| mediatek | mt6890 | * |
| mediatek | mt6891 | * |
| mediatek | mt6893 | * |
| mediatek | mt6895 | * |
| mediatek | mt6896 | * |
| mediatek | mt6897 | * |
| mediatek | mt6899 | * |
| mediatek | mt6980 | * |
| mediatek | mt6983 | * |
| mediatek | mt6985 | * |
| mediatek | mt6986 | * |
| mediatek | mt6989 | * |
| mediatek | mt6990 | * |
| mediatek | mt6991 | * |
| mediatek | mt6993 | * |
| mediatek | mt8676 | * |
| mediatek | mt8791 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the modem due to incorrect error handling, which can cause the system to crash. An attacker controlling a rogue base station can exploit this by having a user equipment (UE) connect to it, leading to a remote denial of service without needing any additional execution privileges or user interaction.
How can this vulnerability impact me?
The vulnerability can cause a remote denial of service on the affected modem system, potentially disrupting normal device operation and connectivity when a UE connects to a malicious rogue base station controlled by an attacker.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified as MOLY01738313 to fix the issue. Avoid connecting to untrusted or rogue base stations to prevent exploitation. No user interaction is needed for exploitation, so ensure your modem firmware is updated promptly.