Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-20422

Summary
Assigner-MediaTek
Assigner Org ID-ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At-02 Feb, 2026 | 08:14
Updated At-30 Mar, 2026 | 13:02
Rejected At-
Credits

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:MediaTek
Assigner Org ID:ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At:02 Feb, 2026 | 08:14
Updated At:30 Mar, 2026 | 13:02
Rejected At:
â–¼CVE Numbering Authority (CNA)

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919.

Affected Products
Vendor
MediaTek Inc.MediaTek, Inc.
Product
MediaTek chipset
Default Status
unaffected
Versions
Affected
  • MT2735
  • MT2737
  • MT6813
  • MT6815
  • MT6833
  • MT6835
  • MT6853
  • MT6855
  • MT6858
  • MT6873
  • MT6875
  • MT6877
  • MT6878
  • MT6879
  • MT6880
  • MT6883
  • MT6885
  • MT6886
  • MT6889
  • MT6890
  • MT6891
  • MT6893
  • MT6895
  • MT6896
  • MT6897
  • MT6899
  • MT6980
  • MT6983
  • MT6985
  • MT6986
  • MT6989
  • MT6990
  • MT6991
  • MT6993
  • MT8668
  • MT8673
  • MT8675
  • MT8676
  • MT8678
  • MT8755
  • MT8771
  • MT8775
  • MT8791
  • MT8791T
  • MT8792
  • MT8793
  • MT8795T
  • MT8797
  • MT8798
  • MT8863
  • MT8873
  • MT8883
  • MT8893
Problem Types
TypeCWE IDDescription
CWECWE-617CWE-617 Reachable Assertion
Type: CWE
CWE ID: CWE-617
Description: CWE-617 Reachable Assertion
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://corp.mediatek.com/product-security-bulletin/February-2026
N/A
Hyperlink: https://corp.mediatek.com/product-security-bulletin/February-2026
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mediatek.com
Published At:02 Feb, 2026 | 09:15
Updated At:17 Feb, 2026 | 15:16

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

MediaTek Inc.
mediatek
>>nr15>>-
cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>nr16>>-
cpe:2.3:o:mediatek:nr16:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>nr17>>-
cpe:2.3:o:mediatek:nr17:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>nr17r>>-
cpe:2.3:o:mediatek:nr17r:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt2735>>-
cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt2737>>-
cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6813>>-
cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6815>>-
cpe:2.3:h:mediatek:mt6815:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6833>>-
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6835>>-
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6853>>-
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6855>>-
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6858>>-
cpe:2.3:h:mediatek:mt6858:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6873>>-
cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6875>>-
cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6877>>-
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6878>>-
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6879>>-
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6880>>-
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6883>>-
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6885>>-
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6886>>-
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6889>>-
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6890>>-
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6891>>-
cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6893>>-
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6895>>-
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6896>>-
cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6897>>-
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6899>>-
cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6980>>-
cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6983>>-
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6985>>-
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6986>>-
cpe:2.3:h:mediatek:mt6986:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6989>>-
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6990>>-
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6991>>-
cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6993>>-
cpe:2.3:h:mediatek:mt6993:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8668>>-
cpe:2.3:h:mediatek:mt8668:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8673>>-
cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8675>>-
cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8676>>-
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8678>>-
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8755>>-
cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8771>>-
cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8775>>-
cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8791>>-
cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8791t>>-
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8792>>-
cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8793>>-
cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-617Secondarysecurity@mediatek.com
CWE ID: CWE-617
Type: Secondary
Source: security@mediatek.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://corp.mediatek.com/product-security-bulletin/February-2026security@mediatek.com
Vendor Advisory
Hyperlink: https://corp.mediatek.com/product-security-bulletin/February-2026
Source: security@mediatek.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

67Records found

CVE-2025-12131
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 12.53%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 20:02
Updated-12 Feb, 2026 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Truncated 802.15.4 packet leads to denial of service

A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service.

Action-Not Available
Vendor-silabssilabs.com
Product-simplicity_software_development_kitSimplicity SDK
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-617
Reachable Assertion
CVE-2024-7138
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 13.97%
||
7 Day CHG~0.00%
Published-19 Dec, 2024 | 19:23
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in Silicon Labs RS9116 Bluetooth SDK

An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. If a watchdog timer is not enabled, a hard reset is required to recover the device.

Action-Not Available
Vendor-silabs.com
Product-RS9116 Bluetooth SDK
CWE ID-CWE-617
Reachable Assertion
CVE-2025-48023
Matching Score-4
Assigner-Yokogawa Group
ShareView Details
Matching Score-4
Assigner-Yokogawa Group
CVSS Score-6||MEDIUM
EPSS-0.17% / 6.76%
||
7 Day CHG~0.00%
Published-13 Feb, 2026 | 05:00
Updated-02 Mar, 2026 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier

Action-Not Available
Vendor-yokogawaYokogawa Electric Corporation
Product-centum_vpvnet\/ip_interface_packageVnet/IP Interface Package
CWE ID-CWE-617
Reachable Assertion
CVE-2019-6472
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 51.97%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:22
Updated-17 Sep, 2024 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate

A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.
Product-keaKea
CWE ID-CWE-617
Reachable Assertion
CVE-2025-47370
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 1.70%
||
7 Day CHG+0.01%
Published-04 Nov, 2025 | 03:19
Updated-05 Nov, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable Assertion in BT Controller

Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcs9100_firmwareqcs6490sm7675qcs5430qamsrv1m_firmwaresa8150p_firmwarewcd9385wsa8835_firmwareqcc2073_firmwaresc8380xpsm8750_firmwaresnapdragon_ar1_gen_1_platform_firmwareqfw7114ar8035_firmwareqca6698aq_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwareqca6391qam8775p_firmwaresm8550psa8145p_firmwareqca8081_firmwarefastconnect_6900sa9000pqam8295p_firmwareqca8081sa8770pqca6574snapdragon_778g_5g_mobile_platform_firmwareqcs5430_firmwareqcm6490qcs8550_firmwaresa8775pwsa8830sm8735wcd9340qcc2073qcc7226snapdragon_auto_5g_modem-rf_gen_2_firmwareqcs8550sa7775p_firmwareqcs4490sa8775p_firmwaresm8550p_firmwareqcc5161_firmwarewcd9380_firmwaresnapdragon_auto_5g_modem-rf_firmwaresm7675pqca6595auqcn9012_firmwareqcm4490snapdragon_8_gen_3_mobile_platform_firmwaresa8255pqcm6490_firmwarewcd9395_firmwareqca8695ausm7325pqca6678aqwsa8845_firmwareqcn7605_firmwarewcd9370_firmwareqcn9011_firmwaresa6150p_firmwareqfw7124snapdragon_782g_mobile_platform_\(sm7325-af\)fastconnect_6900_firmwareqmp1000_firmwaresm8650q_firmwarewcn7750_firmwareqamsrv1ms3_sound_platformwsa8810_firmwaresxr2350p_firmwaresnapdragon_8_gen_2_mobile_platformsa8150psxr2250pqmp1000qcc710_firmwaresa4155pwcd9360snapdragon_ar2_gen_1_platformqca6777aq_firmwarewsa8810s5_sound_platformwcd9395snapdragon_x72_5g_modem-rf_systemwcd9378_firmwares5_sound_platform_firmwareqcc5161ar8035snapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)wsa8832_firmwarewcn6755_firmwareqcn7605sa8195p_firmwaresnapdragon_auto_4g_modemsa6150pqca6678aq_firmwaresnapdragon_8_gen_3_mobile_platformsa8155psnapdragon_778g_5g_mobile_platformssg2125p_firmwaresdx55_firmwareqca6696_firmwarewsa8832wcn3950_firmwaresnapdragon_ar1_gen_1_platformwcd9375video_collaboration_vc3_platformqcs615_firmwaresnapdragon_auto_5g_modem-rf_gen_2sm8735_firmwarewcd9390_firmwaresm7325p_firmwarewsa8815wcd9370wsa8815_firmwareqcc7225qcc7225_firmwaresnapdragon_x75_5g_modem-rf_system_firmwareqcc7228sa8145psnapdragon_7c\+_gen_3_compute_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"_firmwaresrv1hcsrb31024_firmwareqca6574_firmwareqca6698aqsxr1230psxr2230psa8155qca6584auqfw7124_firmwarewsa8845h_firmwaresnapdragon_auto_5g_modem-rfqam8650psa8620pqca6777aqsm8750p_firmwaresm8635ssg2125pqcn9012snapdragon_778g\+_5g_mobile_platform_\(sm7325-ae\)_firmwaresa7255p_firmwarewsa8845fastconnect_7800_firmwareqca6391_firmwaresa8255p_firmwaresa4150ps3_gen_2_sound_platformqca6595snapdragon_782g_mobile_platform_\(sm7325-af\)_firmwarewcn7750qcn6274_firmwarefastconnect_6700srv1h_firmwareqam8295psm8635_firmwaresa6155wsa8840sa8650pwcd9385_firmwareqam8775psnapdragon_8\+_gen_2_mobile_platformwsa8830_firmwareqca6688aqs5_gen_2_sound_platform_firmwareqam8255p_firmwaresm7675p_firmwaresa8650p_firmwaresm8635pqca6554a_firmwaressg2115p_firmwarewcd9378qca6797aq_firmwaresxr2350psnapdragon_x75_5g_modem-rf_systemqca6584au_firmwareqcs4490_firmwaresnapdragon_auto_4g_modem_firmwareqca6688aq_firmwareqcn7606_firmwaresa8620p_firmwareqam8255psa8155p_firmwareqca6595au_firmwaresa6155pqcm4490_firmwaresnapdragon_ar2_gen_1_platform_firmwaresxr2250p_firmwareqcc2076qcn6274snapdragon_7c\+_gen_3_computewsa8845hqfw7114_firmwareqca6574a_firmwareqcc710sm8635p_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaresm8750snapdragon_8_gen_2_mobile_platform_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"sxr1230p_firmwareqam8650p_firmwareqca6797aqsa8770p_firmwaresm8750psm7675_firmwaresm8650qqca6554aqca8337qcn6224_firmwares3_gen_2_sound_platform_firmwaresc8380xp_firmwareqcc7226_firmwaresxr2230p_firmwareqca8695au_firmwareqca6595_firmwareqcc2076_firmwareqamsrv1hqca6574au_firmwareqcn9011wsa8835sa8155_firmwaresa6145pwcd9390srv1m_firmwaresa4150p_firmwares5_gen_2_sound_platformsa9000p_firmwareqca6787aqwcd9340_firmwaresa7775psa8195psrv1mssg2115pvideo_collaboration_vc3_platform_firmwaresa6155_firmwaresdx55sa8295pfastconnect_6700_firmwarewcd9375_firmwareqcm5430_firmwareqcm5430wcd9380qamsrv1h_firmwareqca6574ausa4155p_firmwaresa6145p_firmwaresa7255psa6155p_firmwarecsrb31024qcn7606qcs615qca8337_firmwareqca6787aq_firmwarefastconnect_7800wcd9360_firmwareqca6564au_firmwares3_sound_platform_firmwareqca6696wcn6755qca6574aqcs9100sxr2330p_firmwareqcn6224wsa8840_firmwareqca6564auqcc7228_firmwaresa8295p_firmwareqcs6490_firmwarewcn3950sxr2330pSnapdragon
CWE ID-CWE-617
Reachable Assertion
CVE-2025-47384
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 1.28%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 16:53
Updated-05 Mar, 2026 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable Assertion in FW

Transient DOS when MAC configures config id greater than supported maximum value.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3988snapdragon_690_5g_mobile_platformqcm6490_firmwareqca6698aq_firmwarefastconnect_6200_firmwareqca6391wcd9370_firmwarewsa8815_firmwarefastconnect_6700_firmwaresnapdragon_865_5g_mobile_platform_firmwarewcd9360qcm5430_firmwaresm7325pwcd9375video_collaboration_vc3_platform_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwaresnapdragon_888_5g_mobile_platformwcd9341_firmwaresnapdragon_865\+_5g_mobile_platform_firmwareqca6595au_firmwarewsa8810_firmwarewsa8810wcd9341wcd9375_firmwarewcd9380_firmwaresnapdragon_x53_5g_modem-rf_systemsdx57msnapdragon_870_5g_mobile_platform_firmwaresnapdragon_x53_5g_modem-rf_system_firmwaresnapdragon_888\+_5g_mobile_platformsnapdragon_480_5g_mobile_platform_firmwaresnapdragon_865\+_5g_mobile_platformqca6698aqwsa88305g_fixed_wireless_access_platformfastconnect_6800wcd9385qca6391_firmwarewcd9360_firmwaresnapdragon_782g_mobile_platform_firmwaresnapdragon_480_5g_mobile_platformfastconnect_6200qcm6490snapdragon_7c\+_gen_3_computesnapdragon_888\+_5g_mobile_platform_firmwarefastconnect_6900_firmwarewcd9380wcd9385_firmwarewcd9370snapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_865_5g_mobile_platformsnapdragon_x55_5g_modem-rf_systemsnapdragon_778g\+_5g_mobile_platformsnapdragon_auto_5g_modem-rfsnapdragon_7c\+_gen_3_compute_firmwareqca6595ausnapdragon_782g_mobile_platformsdx57m_firmwaresnapdragon_888_5g_mobile_platform_firmwarewsa8835_firmwaresnapdragon_690_5g_mobile_platform_firmwaresnapdragon_480\+_5g_mobile_platformfastconnect_6900fastconnect_6700fastconnect_6800_firmwarewcn3988_firmwaresnapdragon_4_gen_1_mobile_platformwsa8835snapdragon_4_gen_1_mobile_platform_firmwareqcm5430snapdragon_695_5g_mobile_platformsnapdragon_auto_5g_modem-rf_firmware5g_fixed_wireless_access_platform_firmwareqca6574a_firmwaresnapdragon_778g_5g_mobile_platformqca6574asm7325p_firmwarewsa8815wsa8830_firmwaresnapdragon_870_5g_mobile_platformsnapdragon_695_5g_mobile_platform_firmwarevideo_collaboration_vc3_platformsnapdragon_778g_5g_mobile_platform_firmwareqca6696qca6696_firmwaresnapdragon_480\+_5g_mobile_platform_firmwareSnapdragon
CWE ID-CWE-617
Reachable Assertion
CVE-2024-23350
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 6.76%
||
7 Day CHG~0.00%
Published-05 Aug, 2024 | 14:21
Updated-26 Nov, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable Assertion in Multi Mode Call Processor

Permanent DOS when DL NAS transport receives multiple payloads such that one payload contains SOR container whose integrity check has failed, and the other is LPP where UE needs to send status message to network.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800qca6584auqca8337_firmwaresnapdragon_x35_5g_modem-rf_system_firmwaresnapdragon_x72_5g_modem-rf_systemqcn6274_firmwareqca8337wsa8840_firmwareqca6698aqsnapdragon_x75_5g_modem-rf_system_firmwareqfw7124fastconnect_6900fastconnect_6900_firmwareqcn6224_firmwarewsa8840wcd9340qcn6274qcn6224fastconnect_7800_firmwarewsa8845hsnapdragon_x72_5g_modem-rf_system_firmwarewcd9395_firmwaresnapdragon_x75_5g_modem-rf_systemqca8081snapdragon_x35_5g_modem-rf_systemsnapdragon_auto_5g_modem-rf_gen_2qca6698aq_firmwareqca6174a_firmwareqca6174asnapdragon_auto_5g_modem-rf_gen_2_firmwareqep8111_firmwareqcc710qca6584au_firmwarewcd9395qfw7114_firmwarewsa8845ar8035wcd9340_firmwarewcd9390wcd9390_firmwaresnapdragon_8_gen_3_mobile_platform_firmwareqcc710_firmwarewsa8845_firmwarewsa8845h_firmwaresnapdragon_8_gen_3_mobile_platformqca8081_firmwareqfw7124_firmwareqfw7114qep8111ar8035_firmwareSnapdragonqca6174a_firmwareqca8337_firmwaresnapdragon_auto_5g_modem-rf_gen_2_firmwaresnapdragon_x35_5g_modem-rf_system_firmwareqca6584au_firmwareqcn6274_firmwareqep8111_firmwareqfw7114_firmwarewsa8840_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarefastconnect_6900_firmwarewcd9340_firmwareqcc710_firmwaresnapdragon_8_gen_3_mobile_platform_firmwareqcn6224_firmwarewcd9390_firmwarewsa8845_firmwarefastconnect_7800_firmwarewsa8845h_firmwaresnapdragon_x72_5g_modem-rf_system_firmwarewcd9395_firmwareqca8081_firmwareqfw7124_firmwarear8035_firmwareqca6698aq_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2024-7139
Matching Score-4
Assigner-Silicon Labs
ShareView Details
Matching Score-4
Assigner-Silicon Labs
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 22.26%
||
7 Day CHG~0.00%
Published-19 Dec, 2024 | 19:24
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in Silicon Labs RS9116 Bluetooth SDK

Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. This buffer overflow triggers an assert, which results in a temporary denial of service.  If a watchdog timer is not enabled, a hard reset is required to recover the device.

Action-Not Available
Vendor-silabs.com
Product-RS9116 Bluetooth SDK
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-44175
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.52% / 40.07%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 22:59
Updated-19 Sep, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Receipt of a specific genuine PIM packet causes RPD crash

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-617
Reachable Assertion
CVE-2021-3430
Matching Score-4
Assigner-Zephyr Project
ShareView Details
Matching Score-4
Assigner-Zephyr Project
CVSS Score-6.5||MEDIUM
EPSS-0.83% / 53.07%
||
7 Day CHG~0.00%
Published-28 Jun, 2022 | 19:45
Updated-16 Sep, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BT: Assertion failure on repeated LL_CONNECTION_PARAM_REQ

Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr

Action-Not Available
Vendor-Zephyr Project
Product-zephyrzephyr
CWE ID-CWE-617
Reachable Assertion
CVE-2025-52964
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.1||HIGH
EPSS-0.26% / 17.23%
||
7 Day CHG~0.00%
Published-11 Jul, 2025 | 15:06
Updated-23 Jan, 2026 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS and Junos OS Evolved: Receipt of a specific BGP UPDATE causes an rpd crash on devices with BGP multipath configured

A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a sustained DoS condition. For the issue to occur, BGP multipath with "pause-computation-during-churn" must be configured on the device, and the attacker must send the paths via a BGP UPDATE from a established BGP peer. This issue affects: Junos OS: * All versions before 21.4R3-S7, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2, * from 23.4 before 23.4R2. Junos OS Evolved: * All versions before 21.4R3-S7-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S5-EVO, * from 23.2 before 23.2R2-EVO, * from 23.4 before 23.4R2-EVO.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedjunosJunos OSJunos OS Evolved
CWE ID-CWE-617
Reachable Assertion
CVE-2025-48020
Matching Score-4
Assigner-Yokogawa Group
ShareView Details
Matching Score-4
Assigner-Yokogawa Group
CVSS Score-6||MEDIUM
EPSS-0.23% / 13.63%
||
7 Day CHG~0.00%
Published-13 Feb, 2026 | 04:54
Updated-02 Mar, 2026 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier

Action-Not Available
Vendor-yokogawaYokogawa Electric Corporation
Product-centum_vpvnet\/ip_interface_packageVnet/IP Interface Package
CWE ID-CWE-617
Reachable Assertion
CVE-2025-48019
Matching Score-4
Assigner-Yokogawa Group
ShareView Details
Matching Score-4
Assigner-Yokogawa Group
CVSS Score-6||MEDIUM
EPSS-0.21% / 11.47%
||
7 Day CHG~0.00%
Published-13 Feb, 2026 | 04:51
Updated-02 Mar, 2026 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier

Action-Not Available
Vendor-yokogawaYokogawa Electric Corporation
Product-centum_vpvnet\/ip_interface_packageVnet/IP Interface Package
CWE ID-CWE-617
Reachable Assertion
CVE-2025-47371
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 1.28%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 16:53
Updated-04 Mar, 2026 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable Assertion in Modem

Transient DOS when an LTE RLC packet with invalid TB is received by UE.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_x80_5g_modem-rf_system_firmwareqcs4490wcn7861_firmwarewcn6650qcm4325_firmwaresnapdragon_8_gen_2_mobile_platform_firmwarewcd9390wcd9395_firmwarerobotics_rb2_platform_firmwarefastconnect_6200_firmwarewsa8810csra6640_firmwareqca8081_firmwarefastconnect_6700_firmwaresm7550p_firmwarewcn7880qcn6224_firmwarepalawan25qcm4490_firmwaresnapdragon_x72_5g_modem-rf_system_firmwaresnapdragon_x55_5g_modem-rf_systemsnapdragon_8_eliteqcs4490_firmware5g_fixed_wireless_access_platform_firmwaresnapdragon_7_gen_1_mobile_platform_firmwaresm7635pqcm4325sm8550p_firmwaresm6250sm8650qqcs4290snapdragon_865_5g_mobile_platform_firmwareqca6678aq_firmwarerobotics_rb2_platformsnapdragon_4_gen_2_mobile_platform_firmwaresnapdragon_x80_5g_modem-rf_systemfastconnect_6900sm8635psnapdragon_7\+_gen_2_mobile_platformwcd9390_firmwareqca8337snapdragon_6_gen_4_mobile_platformsm6250_firmwaresnapdragon_8_gen_2_mobile_platformsnapdragon_6_gen_1_mobile_platformsnapdragon_460_mobile_platform_firmwaresnapdragon_8\+_gen_1_mobile_platform_firmwareqcm2290palawan25_firmwaresnapdragon_680_4g_mobile_platformsnapdragon_6_gen_1_mobile_platform_firmwareqcn6024_firmwarefastconnect_6800sd662_firmwareqca8337_firmwaresm7675psm6225p_firmwaresnapdragon_6_gen_3_mobile_platform_firmwareqmp1000sm6650pqcn6224qmp1000_firmwaresm7675snapdragon_865\+_5g_mobile_platformwcn7861qcn6274qcn9024wcn3910sm6225psnapdragon_x72_5g_modem-rf_systemsm7550snapdragon_690_5g_mobile_platform_firmwareqcm4490qca6688aq_firmwarewcd9335qfw7124sm8750psnapdragon_8_gen_1_mobile_platformwsa8810_firmwareorne_firmwareqcs2290_firmwaresnapdragon_7_gen_1_mobile_platformsnapdragon_870_5g_mobile_platformsnapdragon_8\+_gen_1_mobile_platformwcn7881_firmwaresnapdragon_4_gen_2_mobile_platformsnapdragon_685_4g_mobile_platformsnapdragon_7c_compute_platform_firmwareqcs2290sdx61_firmwarewcd9378qca6584auqfw7124_firmwareqca6391qfw7114_firmwarewcn3988milossnapdragon_x65_5g_modem-rf_systemsnapdragon_x65_5g_modem-rf_system_firmwarewcd9371wcd9378_firmwarewcn3950fastconnect_6900_firmwareqca6174aqca6584au_firmwaresnapdragon_x75_5g_modem-rf_systemwsa8830_firmwareqca6574auqca6678aqsnapdragon_685_4g_mobile_platform_firmwarewcd9370_firmwareqcs8550_firmwareqcn9012_firmwaresnapdragon_662_mobile_platform_firmwarecsra6640snapdragon_7c_compute_platformqcc710_firmwareqcm2290_firmwaresnapdragon_865\+_5g_mobile_platform_firmwarewcn6755wcn3910_firmwareqca6698au_firmware5g_fixed_wireless_access_platformqfw7114g1_gen_1_firmwareqcn9024_firmwaresm8750p_firmwaresnapdragon_865_5g_mobile_platformwcn7860_firmwarefastconnect_6800_firmwareqca6595auqca6574asnapdragon_auto_5g_modem-rf_gen_2_firmwarefwa_gen_3_ultra_firmwarecsra6620_firmwareqca8081qcn9011sdx61netrani_firmwareqca6698aufastconnect_6200wsa8845h_firmwaresnapdragon_6_gen_3_mobile_platformsnapdragon_870_5g_mobile_platform_firmwarewsa8835_firmwarecsra6620qca6696_firmwareqca6174a_firmwarewcd9360snapdragon_690_5g_mobile_platformsm7550pqca6595au_firmwareqca6797aq_firmwareqca6574a_firmwarewcn7880_firmwaresm8550psnapdragon_auto_5g_modem-rf_firmwareqcn6274_firmwareqca6574au_firmwaresnapdragon_x75_5g_modem-rf_system_firmwarenetranisnapdragon_6_gen_4_mobile_platform_firmwarewcd9341wcd9341_firmwareqcn9012sdx71mqca6696ar8035sm8635wcd9395snapdragon_8\+_gen_2_mobile_platform_firmwarewcd9370wcn6650_firmwareqcs8550wcd9340_firmwarewcn7860sm8650q_firmwarefastconnect_6700qcc710qcs4290_firmwareqca6688aqwcd9380wcd9380_firmwaremilos_firmwareqca6698aq_firmwaresm7635p_firmwarefastconnect_7800_firmwaresnapdragon_7s_gen_3_mobile_platformwcd9371_firmwarewsa8815snapdragon_460_mobile_platformsm7675p_firmwareorneqcn9011_firmwareqca6698aqwcd9375fastconnect_7800snapdragon_7c_gen_2_compute_platform_firmwarewsa8845wsa8845hwsa8845_firmwaresm8475p_firmwaresnapdragon_680_4g_mobile_platform_firmwarewsa8835snapdragon_x55_5g_modem-rf_system_firmwaresnapdragon_8_gen_1_mobile_platform_firmwarewsa8840_firmwarewcd9375_firmwaresnapdragon_8_gen_1_firmwaresnapdragon_8_gen_1sdx71m_firmwarewcd9385_firmwarewcn6755_firmwarewsa8830fwa_gen_3_ultrasnapdragon_8_gen_3_mobile_platform_firmwarear8035_firmwaresnapdragon_662_mobile_platformsnapdragon_7c_gen_2_compute_platformsm8635p_firmwaresnapdragon_7s_gen_3_mobile_platform_firmwarewcd9340sm7675_firmwaresnapdragon_auto_5g_modem-rf_gen_2wcd9360_firmwarewcn3950_firmwarewsa8832_firmwaresm6650p_firmwarewcn3988_firmwarewcd9335_firmwaresd662g1_gen_1wsa8840snapdragon_auto_5g_modem-rfsm7550_firmwarewcd9385wsa8815_firmwarewsa8832snapdragon_8_gen_3_mobile_platformsnapdragon_7\+_gen_2_mobile_platform_firmwaresnapdragon_8_elite_firmwaresm7435snapdragon_8\+_gen_2_mobile_platformsm8475pwcn7881qca6391_firmwaresm8635_firmwaresm7435_firmwareqca6797aqqcn6024Snapdragon
CWE ID-CWE-617
Reachable Assertion
CVE-2020-1681
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 39.29%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 20:31
Updated-16 Sep, 2024 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: Receipt of a specifically malformed NDP packet could lead to Denial of Service

Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedJunos OS Evolved
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CWE ID-CWE-617
Reachable Assertion
CVE-2020-13595
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.87% / 54.37%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 14:59
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets.

Action-Not Available
Vendor-espressifn/a
Product-esp-idfesp32n/a
CWE ID-CWE-617
Reachable Assertion
CVE-2019-6473
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-4
Assigner-Internet Systems Consortium (ISC)
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 52.00%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:22
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate

An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.
Product-keaKea
CWE ID-CWE-617
Reachable Assertion
  • Previous
  • 1
  • 2
  • Next
Details not found