CVE-2026-20459
Received - Intake

Modem Improper Input Validation Remote DoS Vulnerability

Vulnerability report for CVE-2026-20459, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: MediaTek, Inc.

Description

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01816800; Issue ID: MSV-6842.

Meta Information

Published: 2026-07-01
Last Modified: 2026-07-01
Generated: 2026-07-01
AI Q&A: 2026-07-01
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE
Vendor: mediatek
Product: modem
Version / Range: *

Exploitability

CWE ID: CWE-288
Description: The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Executive Summary

This vulnerability exists in a modem where improper input validation can cause a system crash.

An attacker who controls a rogue base station can exploit this once a user equipment (UE) device connects to it, causing a remote denial of service with no user interaction and no additional execution privileges required.

Impact Analysis

The primary impact of this vulnerability is a remote denial of service condition on the affected modem.

This means that an attacker could cause the modem to crash remotely by setting up a rogue base station and having the device connect to it, potentially disrupting network connectivity and device functionality.

Mitigation Strategies

To mitigate this vulnerability, apply the patch identified as MOLY01816800 provided by the vendor.

Since the vulnerability allows remote denial of service without user interaction, ensure that your modem firmware is updated to the latest version that includes this patch.
