CVE-2026-20455
Received Received - Intake
Out of Bounds Write in GenieZone

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: MediaTek, Inc.

Description
In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6784.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-01
AI Q&A
2026-06-01
EPSS Evaluated
N/A
NVD
CVE-2026-20455
EUVD
EUVD-2026-33544
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mediatek geniezone to ALPS10873936 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in geniezone and is caused by a missing bounds check which leads to a possible out of bounds write.

Such a flaw can allow a malicious actor who already has System privilege to escalate their privileges locally without needing any user interaction.


How can this vulnerability impact me? :

The impact of this vulnerability is local escalation of privilege.

If an attacker has already obtained System privilege, they could exploit this vulnerability to gain higher privileges on the affected system.

No user interaction is required for exploitation, which increases the risk.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart