CVE-2026-20448
Privilege Escalation in GenieZone Due to Missing Permission Check
Publication date: 2026-05-04
Last updated on: 2026-05-04
Assigner: MediaTek, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | geniezone | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-280 | The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GenieZone and involves a missing permission check that allows for a possible escalation of privilege.
A malicious actor who already has System privilege could exploit this flaw to escalate their privileges further without needing any user interaction.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker with existing System privileges to gain higher privileges, potentially leading to unauthorized access or control over the affected system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the patch identified as ALPS10708513 provided by the vendor.
Since the vulnerability involves a missing permission check leading to local privilege escalation, ensure that only trusted users have System privilege access.