CVE-2026-20453
Analyzed Analyzed - Analysis Complete
Out of Bounds Write in GenieZone

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: MediaTek, Inc.

Description
In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10886526; Issue ID: MSV-6791.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-20453
EUVD
EUVD-2026-33542
Affected Vendors & Products
Showing 36 associated CPEs
Vendor Product Version / Range
mediatek mt6739_firmware *
mediatek mt6761_firmware *
mediatek mt6765_firmware *
mediatek mt6768_firmware *
mediatek mt6781_firmware *
mediatek mt6789_firmware *
mediatek mt6835_firmware *
mediatek mt6853_firmware *
mediatek mt6855_firmware *
mediatek mt6877_firmware *
mediatek mt6878_firmware *
mediatek mt6879_firmware *
mediatek mt6883_firmware *
mediatek mt6885_firmware *
mediatek mt6886_firmware *
mediatek mt6889_firmware *
mediatek mt6893_firmware *
mediatek mt6895_firmware *
mediatek mt6897_firmware *
mediatek mt6899_firmware *
mediatek mt6983_firmware *
mediatek mt6985_firmware *
mediatek mt6989_firmware *
mediatek mt6991_firmware *
mediatek mt8673_firmware *
mediatek mt8765_firmware *
mediatek mt8766_firmware *
mediatek mt8768_firmware *
mediatek mt8781_firmware *
mediatek mt8786_firmware *
mediatek mt8788_firmware *
mediatek mt8791t_firmware *
mediatek mt8793_firmware *
mediatek mt8797_firmware *
mediatek mt8798_firmware *
mediatek mt8910_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in geniezone and is caused by a missing bounds check that leads to a possible out of bounds write.

Because of this, a malicious actor who already has System privilege could exploit this flaw to escalate their privileges locally.

No user interaction is required to exploit this vulnerability.

Impact Analysis

If exploited, this vulnerability could allow an attacker who already has System privilege to escalate their privileges further on the affected system.

This could lead to greater control over the system, potentially allowing the attacker to perform unauthorized actions or access sensitive information.

Mitigation Strategies

To mitigate this vulnerability, apply the security patch identified as ALPS10886526 provided by MediaTek.

Since the vulnerability requires local access with System privilege, ensure that only trusted users have such privileges and monitor for any unauthorized privilege escalations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20453. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart