CVE-2026-20450
Modem Remote Denial of Service via Error Handling Flaw
Publication date: 2026-05-04
Last updated on: 2026-05-04
Assigner: MediaTek, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | modem | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the security patch identified as MOLY01753620 provided by MediaTek.
Ensure that your device OEM has integrated this patch into your device firmware or software updates.
Avoid connecting to unknown or rogue base stations to reduce the risk of exploitation.
Can you explain this vulnerability to me?
This vulnerability exists in a modem where incorrect error handling can cause a system crash.
An attacker can exploit this by setting up a rogue base station that a user equipment (UE) connects to, leading to a remote denial of service without requiring any user interaction or additional execution privileges.
How can this vulnerability impact me?
The primary impact of this vulnerability is a remote denial of service condition on the affected modem.
This means that if your device connects to a malicious base station controlled by an attacker, the device could crash and become unavailable.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.