CVE-2026-20431
Logic Error in Modem Causes Remote Denial of Service
Publication date: 2026-04-07
Last updated on: 2026-04-10
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | mt6813_firmware | * |
| mediatek | mt6815_firmware | * |
| mediatek | mt6835_firmware | * |
| mediatek | mt6878_firmware | * |
| mediatek | mt6897_firmware | * |
| mediatek | mt6899_firmware | * |
| mediatek | mt6986_firmware | * |
| mediatek | mt6991_firmware | * |
| mediatek | mt6993_firmware | * |
| mediatek | mt8668_firmware | * |
| mediatek | mt8676_firmware | * |
| mediatek | mt8678_firmware | * |
| mediatek | mt8755_firmware | * |
| mediatek | mt8775_firmware | * |
| mediatek | mt8792_firmware | * |
| mediatek | mt8793_firmware | * |
| mediatek | mt8863_firmware | * |
| mediatek | mt8873_firmware | * |
| mediatek | mt8883_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in a modem where a logic error can cause the system to crash. Specifically, if a user equipment (UE) connects to a rogue base station controlled by an attacker, the modem may experience a system crash leading to a denial of service. Exploitation does not require any additional execution privileges or user interaction.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a remote denial of service condition. An attacker controlling a rogue base station can cause the modem to crash when a UE connects to it, potentially disrupting network connectivity and service availability without needing any user action or elevated privileges.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability causes a possible system crash leading to remote denial of service without affecting confidentiality or integrity. There is no indication that personal data is compromised or exposed.
Since the vulnerability impacts availability only and does not involve data breach or unauthorized data access, its direct effect on compliance with standards like GDPR or HIPAA is limited.
However, denial of service could impact system availability requirements under these regulations, so organizations should consider mitigation to maintain compliance.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the patch identified as MOLY01106496 provided by the vendor.
Avoid connecting to rogue base stations as the vulnerability can be exploited remotely without user interaction.