CVE-2026-20448
Analyzed Analyzed - Analysis Complete
Privilege Escalation in GenieZone Due to Missing Permission Check

Publication date: 2026-05-04

Last updated on: 2026-05-07

Assigner: MediaTek, Inc.

Description
In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-04
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20448
EUVD
EUVD-2026-26888
Affected Vendors & Products
Showing 22 associated CPEs
Vendor Product Version / Range
mediatek mt6765_firmware *
mediatek mt6768_firmware *
mediatek mt6789_firmware *
mediatek mt6877_firmware *
mediatek mt6897_firmware *
mediatek mt6899_firmware *
mediatek mt6989_firmware *
mediatek mt6991_firmware *
mediatek mt6993_firmware *
mediatek mt8367_firmware *
mediatek mt8766_firmware *
mediatek mt8768_firmware *
mediatek mt8775_firmware *
mediatek mt8781_firmware *
mediatek mt8786_firmware *
mediatek mt8788e_firmware *
mediatek mt8791t_firmware *
mediatek mt8792_firmware *
mediatek mt8793_firmware *
mediatek mt8796_firmware *
mediatek mt8893_firmware *
mediatek mt8910_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-280 The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in geniezone and involves a missing permission check that allows for a possible escalation of privilege.

A malicious actor who already has System privilege could exploit this flaw to escalate their privileges further without needing any user interaction.

Impact Analysis

If exploited, this vulnerability could allow an attacker with existing System privileges to gain higher privileges, potentially leading to unauthorized access or control over the affected system.

Mitigation Strategies

To mitigate this vulnerability, apply the patch identified as ALPS10708513 provided by the vendor.

Since the vulnerability involves a missing permission check leading to local privilege escalation, ensure that only trusted users have System privilege access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20448. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart