CVE-2026-20448
Analyzed Analyzed - Analysis Complete

Privilege Escalation in GenieZone Due to Missing Permission Check

Vulnerability report for CVE-2026-20448, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-04

Last updated on: 2026-05-07

Assigner: MediaTek, Inc.

Description

In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-04
Last Modified
2026-05-07
Generated
2026-07-06
AI Q&A
2026-05-04
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 22 associated CPEs
Vendor Product Version / Range
mediatek mt6765_firmware *
mediatek mt6768_firmware *
mediatek mt6789_firmware *
mediatek mt6877_firmware *
mediatek mt6897_firmware *
mediatek mt6899_firmware *
mediatek mt6989_firmware *
mediatek mt6991_firmware *
mediatek mt6993_firmware *
mediatek mt8367_firmware *
mediatek mt8766_firmware *
mediatek mt8768_firmware *
mediatek mt8775_firmware *
mediatek mt8781_firmware *
mediatek mt8786_firmware *
mediatek mt8788e_firmware *
mediatek mt8791t_firmware *
mediatek mt8792_firmware *
mediatek mt8793_firmware *
mediatek mt8796_firmware *
mediatek mt8893_firmware *
mediatek mt8910_firmware *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-280 The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in geniezone and involves a missing permission check that allows for a possible escalation of privilege.

A malicious actor who already has System privilege could exploit this flaw to escalate their privileges further without needing any user interaction.

Impact Analysis

If exploited, this vulnerability could allow an attacker with existing System privileges to gain higher privileges, potentially leading to unauthorized access or control over the affected system.

Mitigation Strategies

To mitigate this vulnerability, apply the patch identified as ALPS10708513 provided by the vendor.

Since the vulnerability involves a missing permission check leading to local privilege escalation, ensure that only trusted users have System privilege access.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20448. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart