CVE-2026-20450
Analyzed Analyzed - Analysis Complete
Modem Remote Denial of Service via Error Handling Flaw

Publication date: 2026-05-04

Last updated on: 2026-05-07

Assigner: MediaTek, Inc.

Description
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01753620; Issue ID: MSV-6100.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-04
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20450
EUVD
EUVD-2026-26890
Affected Vendors & Products
Showing 51 associated CPEs
Vendor Product Version / Range
mediatek mt2735_firmware *
mediatek mt2737_firmware *
mediatek mt6833_firmware *
mediatek mt6835_firmware *
mediatek mt6853_firmware *
mediatek mt6855_firmware *
mediatek mt6858_firmware *
mediatek mt6873_firmware *
mediatek mt6875_firmware *
mediatek mt6877_firmware *
mediatek mt6878_firmware *
mediatek mt6879_firmware *
mediatek mt6880_firmware *
mediatek mt6883_firmware *
mediatek mt6885_firmware *
mediatek mt6886_firmware *
mediatek mt6889_firmware *
mediatek mt6890_firmware *
mediatek mt6891_firmware *
mediatek mt6893_firmware *
mediatek mt6895_firmware *
mediatek mt6896_firmware *
mediatek mt6897_firmware *
mediatek mt6899_firmware *
mediatek mt6980_firmware *
mediatek mt6983_firmware *
mediatek mt6985_firmware *
mediatek mt6986_firmware *
mediatek mt6989_firmware *
mediatek mt6990_firmware *
mediatek mt6991_firmware *
mediatek mt6993_firmware *
mediatek mt8668_firmware *
mediatek mt8673_firmware *
mediatek mt8675_firmware *
mediatek mt8676_firmware *
mediatek mt8678_firmware *
mediatek mt8755_firmware *
mediatek mt8771_firmware *
mediatek mt8775_firmware *
mediatek mt8791_firmware *
mediatek mt8791t_firmware *
mediatek mt8792_firmware *
mediatek mt8793_firmware *
mediatek mt8795t_firmware *
mediatek mt8797_firmware *
mediatek mt8798_firmware *
mediatek mt8863_firmware *
mediatek mt8873_firmware *
mediatek mt8883_firmware *
mediatek mt8893_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in a modem where incorrect error handling can cause a system crash.

An attacker can exploit this by setting up a rogue base station that a user equipment (UE) connects to, leading to a remote denial of service without requiring any user interaction or additional execution privileges.

Mitigation Strategies

To mitigate this vulnerability, apply the security patch identified as MOLY01753620 provided by MediaTek.

Ensure that your device OEM has integrated this patch into your device firmware or software updates.

Avoid connecting to unknown or rogue base stations to reduce the risk of exploitation.

Impact Analysis

The primary impact of this vulnerability is a remote denial of service condition on the affected modem.

This means that if your device connects to a malicious base station controlled by an attacker, the device could crash and become unavailable.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20450. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart