CVE-2026-20455
Analyzed Analyzed - Analysis Complete
Out of Bounds Write in GenieZone

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: MediaTek, Inc.

Description
In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6784.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-20455
EUVD
EUVD-2026-33544
Affected Vendors & Products
Showing 36 associated CPEs
Vendor Product Version / Range
mediatek mt6739_firmware *
mediatek mt6761_firmware *
mediatek mt6765_firmware *
mediatek mt6768_firmware *
mediatek mt6781_firmware *
mediatek mt6789_firmware *
mediatek mt6835_firmware *
mediatek mt6853_firmware *
mediatek mt6855_firmware *
mediatek mt6877_firmware *
mediatek mt6878_firmware *
mediatek mt6879_firmware *
mediatek mt6883_firmware *
mediatek mt6885_firmware *
mediatek mt6886_firmware *
mediatek mt6889_firmware *
mediatek mt6893_firmware *
mediatek mt6895_firmware *
mediatek mt6897_firmware *
mediatek mt6899_firmware *
mediatek mt6983_firmware *
mediatek mt6985_firmware *
mediatek mt6989_firmware *
mediatek mt6991_firmware *
mediatek mt8673_firmware *
mediatek mt8765_firmware *
mediatek mt8766_firmware *
mediatek mt8768_firmware *
mediatek mt8781_firmware *
mediatek mt8786_firmware *
mediatek mt8788_firmware *
mediatek mt8791t_firmware *
mediatek mt8793_firmware *
mediatek mt8797_firmware *
mediatek mt8798_firmware *
mediatek mt8910_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The vulnerability can be mitigated by applying the security patch identified as ALPS10873936 provided by MediaTek.

Since the issue involves a missing bounds check leading to a possible out of bounds write, ensuring that your system is updated with the latest patches from your device OEM or MediaTek is the immediate recommended step.

Executive Summary

This vulnerability exists in geniezone and is caused by a missing bounds check which leads to a possible out of bounds write.

Such a flaw can allow a malicious actor who already has System privilege to escalate their privileges locally without needing any user interaction.

Impact Analysis

The impact of this vulnerability is local escalation of privilege.

If an attacker has already obtained System privilege, they could exploit this vulnerability to gain higher privileges on the affected system.

No user interaction is required for exploitation, which increases the risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20455. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart