Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-20449

Summary
Assigner-MediaTek
Assigner Org ID-ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At-04 May, 2026 | 05:41
Updated At-04 May, 2026 | 12:59
Rejected At-
Credits

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01760138; Issue ID: MSV-6148.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:MediaTek
Assigner Org ID:ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At:04 May, 2026 | 05:41
Updated At:04 May, 2026 | 12:59
Rejected At:
â–¼CVE Numbering Authority (CNA)

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01760138; Issue ID: MSV-6148.

Affected Products
Vendor
MediaTek Inc.MediaTek, Inc.
Product
MediaTek chipset
Default Status
unaffected
Versions
Affected
  • MT2735
  • MT2737
  • MT6739
  • MT6761
  • MT6762
  • MT6763
  • MT6765
  • MT6767
  • MT6768
  • MT6769
  • MT6771
  • MT6779
  • MT6781
  • MT6783
  • MT6785
  • MT6789
  • MT6813
  • MT6815
  • MT6833
  • MT6835
  • MT6853
  • MT6855
  • MT6858
  • MT6873
  • MT6875
  • MT6877
  • MT6878
  • MT6879
  • MT6880
  • MT6883
  • MT6885
  • MT6886
  • MT6889
  • MT6890
  • MT6891
  • MT6893
  • MT6895
  • MT6896
  • MT6897
  • MT6899
  • MT6980
  • MT6983
  • MT6985
  • MT6986D
  • MT6988
  • MT6989
  • MT6990
  • MT6991
  • MT6993
  • MT8668
  • MT8673
  • MT8675
  • MT8676
  • MT8678
  • MT8755
  • MT8771
  • MT8775
  • MT8791
  • MT8791T
  • MT8792
  • MT8793
  • MT8795T
  • MT8797
  • MT8798
  • MT8863
  • MT8873
  • MT8883
  • MT8893
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120 Classic Buffer Overflow
Type: CWE
CWE ID: CWE-120
Description: CWE-120 Classic Buffer Overflow
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://corp.mediatek.com/product-security-bulletin/May-2026
N/A
Hyperlink: https://corp.mediatek.com/product-security-bulletin/May-2026
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mediatek.com
Published At:04 May, 2026 | 07:15
Updated At:07 May, 2026 | 12:43

In Modem, there is a possible system crash due to a heap buffer overflow. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01760138; Issue ID: MSV-6148.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
MediaTek Inc.
mediatek
>>mt6763_firmware>>-
cpe:2.3:o:mediatek:mt6763_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6763>>-
cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6765_firmware>>-
cpe:2.3:o:mediatek:mt6765_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6765>>-
cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6767_firmware>>-
cpe:2.3:o:mediatek:mt6767_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6767>>-
cpe:2.3:h:mediatek:mt6767:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6768_firmware>>-
cpe:2.3:o:mediatek:mt6768_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6768>>-
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6769_firmware>>-
cpe:2.3:o:mediatek:mt6769_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6769>>-
cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6771_firmware>>-
cpe:2.3:o:mediatek:mt6771_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6771>>-
cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6779_firmware>>-
cpe:2.3:o:mediatek:mt6779_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6779>>-
cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6781_firmware>>-
cpe:2.3:o:mediatek:mt6781_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6781>>-
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6783_firmware>>-
cpe:2.3:o:mediatek:mt6783_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6783>>-
cpe:2.3:h:mediatek:mt6783:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6785_firmware>>-
cpe:2.3:o:mediatek:mt6785_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6785>>-
cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6789_firmware>>-
cpe:2.3:o:mediatek:mt6789_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6789>>-
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6813_firmware>>-
cpe:2.3:o:mediatek:mt6813_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6813>>-
cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6815_firmware>>-
cpe:2.3:o:mediatek:mt6815_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6815>>-
cpe:2.3:h:mediatek:mt6815:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6833_firmware>>-
cpe:2.3:o:mediatek:mt6833_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6833>>-
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6835_firmware>>-
cpe:2.3:o:mediatek:mt6835_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6835>>-
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6853_firmware>>-
cpe:2.3:o:mediatek:mt6853_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6853>>-
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6855_firmware>>-
cpe:2.3:o:mediatek:mt6855_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6855>>-
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6858_firmware>>-
cpe:2.3:o:mediatek:mt6858_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6858>>-
cpe:2.3:h:mediatek:mt6858:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6873_firmware>>-
cpe:2.3:o:mediatek:mt6873_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6873>>-
cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6875_firmware>>-
cpe:2.3:o:mediatek:mt6875_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6875>>-
cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6877_firmware>>-
cpe:2.3:o:mediatek:mt6877_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6877>>-
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6878_firmware>>-
cpe:2.3:o:mediatek:mt6878_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6878>>-
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6879_firmware>>-
cpe:2.3:o:mediatek:mt6879_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6879>>-
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6880_firmware>>-
cpe:2.3:o:mediatek:mt6880_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6880>>-
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6883_firmware>>-
cpe:2.3:o:mediatek:mt6883_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6883>>-
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-120Secondarysecurity@mediatek.com
CWE ID: CWE-120
Type: Secondary
Source: security@mediatek.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://corp.mediatek.com/product-security-bulletin/May-2026security@mediatek.com
Vendor Advisory
Hyperlink: https://corp.mediatek.com/product-security-bulletin/May-2026
Source: security@mediatek.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

92Records found
CVE-2025-20756
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.44%
||
7 Day CHG-0.02%
Published-02 Dec, 2025 | 02:34
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673749; Issue ID: MSV-4643.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755mt6853tmt8791tmt6883mt8793mt6855mt6833pmt2735mt8873mt6890mt6893mt6877tmt8863mt6875tmt6853mt8795tmt8798mt8791mt8678mt6833mt6873mt6880mt8797nr15mt8771mt8792mt6877mt6891mt8675mt6875mt6855tmt8676mt6889mt6885mt8883mt6877ttMT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2025-20757
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 13.83%
||
7 Day CHG+0.01%
Published-02 Dec, 2025 | 02:34
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673751; Issue ID: MSV-4644.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6853tmt8791tmt6883nr15mt6855mt8771mt6833pmt2735mt6890mt6893mt6877tmt6877mt6875tmt6853mt6891mt8675mt8797mt6875mt8791mt6885mt6855tmt6833mt6889mt6873mt6877ttmt6880MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797
CWE ID-CWE-617
Reachable Assertion
CVE-2025-20761
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.69%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01311265; Issue ID: MSV-4655.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt6853tmt8791tmt6883mt6897nr17mt8793mt6855mt6833pmt6985mt2735mt8873mt6890mt6893mt6877tmt8863mt6980mt6875tmt6853mt8795tmt2737mt6835tmt8798mt8791mt6990mt8678mt6833mt6873mt6880mt6983tmt8797mt6985tnr15mt6895mt6896mt8771mt8792mt6983mt6877mt6886mt6895ttmt6891mt8675mt6980dmt6875mt6855tmt8676mt6989tmt6889mt6885mt8883mt6877ttmt6835MediaTek chipset
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-20678
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.19%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 02:29
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8893mt8788mt6879mt6989mt6853tmt8791tmt6813mt6883nr17lr13mt6833pmt6762mt6769tmt8873mt8786mt6890mt6893mt6878mmt6877tmt6771mt6980mt6875tmt8768nr17rmt6769zmt8798mt6835tmt8791mt6990mt6833mt6873mt6983tmt6785nr15lr12amt8766rmt8771mt8765mt6767mt6783mt6895ttmt6891mt6779mt6875mt6769kmt6855tmt8676mt6765tmt6885mt6991mt6835mt8666mt6739mt8673nr16mt6897mt6855mt6789mt6985mt6781mt8863mt6768mt6853mt6762dmt8795tmt6889mt8667mt8788emt6878mt6880mt8797mt6985tmt6895mt6896mt8766mt8781mt6762mmt6983mt6769mt6877mt6886mt8789mt6765mt6761mt8675mt6899mt6785tmt6769smt6989tmt6763mt6877ttmt6785umt8883mt8678MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2025-20694
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 02:00
Updated-14 Jul, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.

Action-Not Available
Vendor-Google LLCOpenWrtMediaTek Inc.
Product-mt7927mt8516mt6990mt6989mt8115mt8113mt8370mt6991mt8519mt8169mt8390mt8195mt8391mt8796mt7925mt8512mt8186mt6653mt2718software_development_kitandroidmt8893mt8168mt8163mt8786mt8792mt8695mt8696mt8395mt8188mt8196mt8183mt8678mt8127mt6639mt6985openwrtmt8676mt8698mt8173MT2718, MT6639, MT6653, MT6985, MT6989, MT6990, MT6991, MT7925, MT7927, MT8113, MT8115, MT8127, MT8163, MT8168, MT8169, MT8173, MT8183, MT8186, MT8188, MT8195, MT8196, MT8370, MT8390, MT8391, MT8395, MT8512, MT8516, MT8519, MT8676, MT8678, MT8695, MT8696, MT8698, MT8786, MT8792, MT8796, MT8893
CWE ID-CWE-124
Buffer Underwrite ('Buffer Underflow')
CVE-2025-20647
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.73% / 72.76%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 02:25
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00791311 / MOLY01067019; Issue ID: MSV-2721.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8788mt6879mt6989mt6853tmt8791tmt6883mt6833pmt6762mt6769tmt8786mt6890mt6893mt6877tmt6771mt6980mt6875tmt8768mt6769zmt8798mt8791mt6990mt6833mt6873mt6983tmt6785nr15mt8765mt6767mt6783mt6895ttmt6891mt6779mt6980dmt6875mt6769kmt6855tmt6765tmt6885mt2737mt6739mt8666nr16mt6855mt6789mt6985mt2735nr12amt6781mt6768mt6853mt6762dmt8795tmt6889mt8667mt6880mt8797mt6985tnr13mt6895mt6896mt8766mt8781mt6762mmt6983mt6769mt6877mt6886mt8789mt6765mt6761mt8675mt6785tmt6769smt6989tmt6763mt6785umt6877ttMT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-20750
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.18%
||
7 Day CHG+0.01%
Published-02 Dec, 2025 | 02:34
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661199; Issue ID: MSV-4296.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6853tmt8791tmt6883nr15mt6855mt8771mt6833pmt2735mt6890mt6893mt6877tmt6877mt6875tmt6853mt6891mt8675mt8797mt6875mt8791mt6885mt6855tmt6833mt6889mt6873mt6877ttmt6880MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-20666
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.86% / 75.16%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 02:49
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8666mt8673mt6853tmt8791tmt6883nr15mt6855mt8771mt6833pmt2735mt6890mt6893mt6877tmt6877mt6875tmt6853mt6891mt8675mt8795tmt8797mt8798mt6875mt8791mt6885mt6855tmt6833mt8667mt6889mt6873mt6877ttmt6880MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8666, MT8667, MT8673, MT8675, MT8771, MT8791, MT8791T, MT8795T, MT8797, MT8798
CWE ID-CWE-617
Reachable Assertion
CVE-2025-20695
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.62%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 02:00
Updated-14 Jul, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.

Action-Not Available
Vendor-Google LLCOpenWrtMediaTek Inc.
Product-mt8796mt7925mt7927mt6653mt6990mt8678mt6639mt6985mt6989openwrtsoftware_development_kitmt6991androidmt8196MT6639, MT6653, MT6985, MT6989, MT6990, MT6991, MT7925, MT7927, MT8196, MT8678, MT8796
CWE ID-CWE-124
Buffer Underwrite ('Buffer Underflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-20760
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.69%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible read of uninitialized heap data due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01676750; Issue ID: MSV-4653.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6883mt6897nr17mt6986mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8863mt6980mt6853mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt8792mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6889mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-617
Reachable Assertion
CVE-2025-20791
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.74%
||
7 Day CHG+0.01%
Published-02 Dec, 2025 | 02:34
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661189; Issue ID: MSV-4298.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6853tmt8791tmt6883nr15mt6855mt8771mt6833pmt2735mt6890mt6893mt6877tmt6877mt6875tmt6853mt6891mt8675mt8797mt6875mt8791mt6885mt6855tmt6833mt6889mt6873mt6877ttmt6880MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797
CWE ID-CWE-617
Reachable Assertion
CVE-2025-20794
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.37%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt6986mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8863mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt8792mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2025-20762
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.69%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01685181; Issue ID: MSV-4760.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8755mt6897nr17mt8793mt8792mt8873mt6878mmt8863mt6899mt6835tmt8676mt6991mt8883mt6878mt8678mt6835MediaTek chipset
CWE ID-CWE-617
Reachable Assertion
CVE-2025-20751
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 22.74%
||
7 Day CHG+0.01%
Published-02 Dec, 2025 | 02:34
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661195; Issue ID: MSV-4297.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6853tmt8791tmt6883nr15mt6855mt8771mt6833pmt2735mt6890mt6893mt6877tmt6877mt6875tmt6853mt6891mt8675mt8797mt6875mt8791mt6885mt6855tmt6833mt6889mt6873mt6877ttmt6880MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-20022
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 73.95%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 15:57
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible link disconnection due to bluetooth does not properly handle a connection attempt from a host with the same BD address as the currently connected BT host. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198578; Issue ID: ALPS06198578.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6757cdmt8765mt8167smt6771mt8385mt6580mt8788mt7662tmt7668mt6735mt6750smt6753mt6755smt8167mt6757cmt7663mt8183mt6737mt6739mt6757androidmt6757chmt8321mt8362amt6630mt8163mt8362bmt6763mt8173MT6580, MT6630, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6763, MT6771, MT7662T, MT7663, MT7668, MT8163, MT8167, MT8167S, MT8173, MT8183, MT8321, MT8362A, MT8362B, MT8385, MT8765, MT8788
CVE-2022-20023
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.11%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 15:57
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible application crash due to bluetooth flooding a device with LMP_AU_rand packet. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198608; Issue ID: ALPS06198608.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6757cdmt8175mt6873mt6893mt8765mt6580mt8788mt7662tmt7920mt6755smt8167mt6765mt6757cmt7663mt6737mt8183mt6853tmt7921mt6739mt6757mt8768mt8789mt6761mt8797mt6889mt8321mt6768mt6630mt8362amt8362bmt8786mt8766mt8167smt6771mt8385mt6833mt6885mt6735mt6750smt6753mt6762mt6877mt8365mt8195mt6853mt8168androidmt6757chmt7922mt8185mt8791mt6779mt8163mt6785mt7668mt7915mt6763mt8173MT6580, MT6630, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6885, MT6889, MT6893, MT7662T, MT7663, MT7668, MT7915, MT7920, MT7921, MT7922, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8362B, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2026-20402
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.63%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00693083; Issue ID: MSV-5928.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8791tmt6883nr15mt6855mt8771mt2735mt6890mt6893mt6877mt6853mt6891mt8675mt8797mt6875mt8791mt6885mt6833mt6889mt6873mt6880MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20406
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 31.61%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01726634; Issue ID: MSV-5728.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt6986mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8668mt8863mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt8792mt6858mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-20431
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.12%
||
7 Day CHG~0.00%
Published-07 Apr, 2026 | 03:25
Updated-10 Apr, 2026 | 19:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6991_firmwaremt8775mt8676mt8792_firmwaremt6878_firmwaremt6899_firmwaremt6897mt6815mt6835mt8775_firmwaremt6813mt6878mt8793mt8863_firmwaremt6835_firmwaremt6991mt8793_firmwaremt8668_firmwaremt6993mt6899mt8883_firmwaremt8883mt8676_firmwaremt8873_firmwaremt8792mt8873mt8668mt6815_firmwaremt6813_firmwaremt6993_firmwaremt6897_firmwaremt8678_firmwaremt8678mt6986mt8863mt6986_firmwaremt8755mt8755_firmwareMediaTek chipset
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-20404
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.02% / 6.82%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt6986mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8668mt8863mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt8792mt6858mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20420
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.84%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935.

Action-Not Available
Vendor-MediaTek Inc.
Product-nr16mt6879mt6989mt6813mt6883nr17mt6897mt6986mt6855mt6985mt2735mt6890mt6893mt6980nr17rmt6853mt6889mt8791mt6990mt6833mt6873mt6878mt6880nr15mt6895mt6896mt6858mt6983mt6877mt6886mt6891mt6993mt6899mt6875mt8676mt6815mt6885mt6991mt2737mt6835MediaTek chipset
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-20419
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.01% / 2.63%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:16
Updated-30 Mar, 2026 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR00463309; Issue ID: MSV-4852.

Action-Not Available
Vendor-MediaTek Inc.OpenWrt
Product-mt8775mt8893mt8910mt8791tmt7927mt8793mt8796software_development_kitmt7915mt6989tbmt8196nbiot_sdkmt8792mt8873mt6890mt7922mt8668mt7916mt7921mt7981mt8678mt8676mt7920openwrtmt7902mt8883mt7925mt7986MediaTek chipset
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-20401
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.73%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8791tmt6883nr15mt6855mt8771mt2735mt6890mt6893mt6877mt6853mt6891mt8675mt8797mt6875mt8791mt6885mt6833mt6889mt6873mt6880MediaTek chipset
CWE ID-CWE-617
Reachable Assertion
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-20422
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.13%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00827332; Issue ID: MSV-5919.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt6986mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8668mt8863mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8775mt8797nr15mt6895mt6896mt8771mt8792mt6858mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-617
Reachable Assertion
CVE-2026-20450
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.68%
||
7 Day CHG+0.01%
Published-04 May, 2026 | 05:41
Updated-07 May, 2026 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01753620; Issue ID: MSV-6100.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8668mt8771_firmwaremt6991_firmwaremt2737_firmwaremt6989_firmwaremt8791mt8798_firmwaremt8795t_firmwaremt6875_firmwaremt6891_firmwaremt6883mt6858mt6990_firmwaremt8798mt6853_firmwaremt8893_firmwaremt8771mt6833_firmwaremt6890_firmwaremt8793_firmwaremt6899mt6986_firmwaremt6879mt8755mt6983mt8775mt6890mt8863_firmwaremt6895_firmwaremt6833mt2735mt8668_firmwaremt6855mt2735_firmwaremt8675mt6877_firmwaremt6853mt6895mt6893mt6893_firmwaremt8792mt6885mt8793mt8883mt6877mt6879_firmwaremt8791t_firmwaremt6986mt6886mt8883_firmwaremt6875mt6897mt6891mt6990mt8755_firmwaremt8873_firmwaremt6896mt6980_firmwaremt8676mt6889_firmwaremt6883_firmwaremt6985_firmwaremt8676_firmwaremt6858_firmwaremt8775_firmwaremt8675_firmwaremt8863mt6873_firmwaremt8795tmt8673_firmwaremt6880_firmwaremt6873mt8673mt6878mt8792_firmwaremt6855_firmwaremt8893mt6899_firmwaremt6991mt8873mt6878_firmwaremt6897_firmwaremt8797_firmwaremt8678_firmwaremt6880mt6985mt6989mt6835mt6993_firmwaremt6885_firmwaremt6835_firmwaremt6886_firmwaremt6980mt6896_firmwaremt6889mt8791_firmwaremt2737mt6993mt8678mt8791tmt6983_firmwaremt8797MediaTek chipset
CWE ID-CWE-617
Reachable Assertion
CVE-2026-20421
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.63%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738293; Issue ID: MSV-5922.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6883nr15mt6855mt2735mt6890mt6873mt6877mt6893mt6853mt6891mt6875mt8791mt6833mt6889mt6885mt6880MediaTek chipset
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-20403
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.84%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689254 (Note: For N15 and NR16) / MOLY01689259 (Note: For NR17 and NR17R); Issue ID: MSV-4843.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt6855mt6985mt2735mt6890mt6893mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt2737mt6835MediaTek chipset
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20405
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.22%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 08:14
Updated-30 Mar, 2026 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01688495; Issue ID: MSV-4818.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt6986mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8668mt8863mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt8792mt6858mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-617
Reachable Assertion
CVE-2025-20644
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.94% / 76.42%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 02:25
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673nr16mt6879mt6989mt6853tmt8791tmt6883mt6855mt6833pmt6985mt2735mt6890mt6893mt6877tmt6980mt6875tmt6853mt8795tmt2737mt8798mt6990mt6833mt6873mt6880mt6983tmt6985tnr15mt6895mt6896mt6983mt6877mt6886mt6895ttmt6891mt6980dmt6875mt6855tmt6989tmt6889mt6885mt6877ttMT2735, MT2737, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT8673, MT8791T, MT8795T, MT8798
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CVE-2025-20703
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 34.82%
||
7 Day CHG~0.00%
Published-01 Sep, 2025 | 05:12
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01599794; Issue ID: MSV-3708.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893nr16mt6879mt6989mt6853tmt8791tmt6813mt6883nr17mt6897mt6855mt6833pmt6985mt2735mt8873mt6890mt6878mmt6877tmt6893mt6980mt8863mt6875tnr17rmt6853mt8795tmt8798mt6835tmt8791mt6990mt8678mt6833mt6873mt6878mt6880mt6983tmt8797mt6985tnr15mt6895mt6896mt8771mt8792mt6983mt6877mt6886mt6895ttmt6891mt8675mt6899mt6980dmt6875mt6855tmt8676mt6989tmt6877ttmt6889mt6885mt6991mt8883mt2737mt6835MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8771, MT8791, MT8791T, MT8792, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20659
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 54.45%
||
7 Day CHG+0.03%
Published-07 Apr, 2025 | 03:14
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt6833_firmwaremt6989mt6762d_firmwaremt6853tmt6813mt6883mt6897_firmwaremt6983_firmwaremt6762mt6769tmt8786mt6878_firmwaremt6761_firmwaremt6893mt8768mt6895_firmwaremt8798mt6771_firmwaremt6835tmt8786_firmwaremt6983tmt6785mt8675_firmwaremt6989t_firmwaremt6895ttmt6765_firmwaremt2737_firmwaremt6779mt6980dmt6875mt6985t_firmwaremt6833p_firmwaremt6875t_firmwaremt6785_firmwaremt6877_firmwaremt6880_firmwaremt2737mt8666mt6883_firmwaremt6785t_firmwaremt6885_firmwaremt6897mt6855mt6783_firmwaremt6789mt2735mt8673_firmwaremt6853t_firmwaremt8863mt6853mt6762dmt6769s_firmwaremt6895tt_firmwaremt8768_firmwaremt6873_firmwaremt6769z_firmwaremt6879_firmwaremt6769t_firmwaremt6855_firmwaremt6878mt6768_firmwaremt6835t_firmwaremt6989_firmwaremt6895mt8766mt8781mt6762mmt6886_firmwaremt8771_firmwaremt6769mt6877mt6886mt6761mt6899mt6763_firmwaremt8766_firmwaremt6875_firmwaremt8863_firmwaremt6769smt6990_firmwaremt6991_firmwaremt6877ttmt6785umt6835_firmwaremt8678mt8788e_firmwaremt6767_firmwaremt8788mt6879mt8791tmt8796mt6833pmt8796_firmwaremt6890mt6878mmt6877tmt6771mt6779_firmwaremt6980mt2735_firmwaremt6769zmt6875tmt6781_firmwaremt8798_firmwaremt6990mt6765t_firmwaremt6833mt6769k_firmwaremt6873mt6853_firmwaremt6896_firmwaremt6877t_firmwaremt8678_firmwaremt8765_firmwaremt8771mt8765mt6767mt6783mt6813_firmwaremt8666_firmwaremt6891mt6985_firmwaremt6878m_firmwaremt6983t_firmwaremt8788_firmwaremt6769kmt6855tmt8676mt6765tmt6739_firmwaremt6885mt6991mt6877tt_firmwaremt6835mt6739mt8673mt6985mt6980_firmwaremt6889_firmwaremt8667_firmwaremt6762m_firmwaremt6781mt6768mt6789_firmwaremt8791t_firmwaremt6762_firmwaremt8667mt8788emt6880mt8797mt6769_firmwaremt6899_firmwaremt6985tmt8676_firmwaremt6896mt6980d_firmwaremt6983mt6765mt6855t_firmwaremt8675mt6785tmt8781_firmwaremt6891_firmwaremt8797_firmwaremt6890_firmwaremt6989tmt6763mt6889mt6893_firmwaremt6785u_firmwareMT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8796, MT8797, MT8798, MT8863
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-20793
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 40.40%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 01:46
Updated-30 Mar, 2026 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01430930; Issue ID: MSV-4836.

Action-Not Available
Vendor-MediaTek Inc.
Product-mt8673mt8893mt8755nr16mt6879mt6989mt8791tmt6813mt6883nr17mt6897mt8793mt6855mt6985mt2735mt8873mt6890mt6893mt8863mt6980nr17rmt6853mt6889mt8795tmt8798mt8791mt6990mt8678mt6833mt6873mt6878mt6880mt8797nr15mt6895mt6896mt8771mt8792mt6983mt6877mt6886mt6891mt6993mt6899mt8675mt6875mt8676mt6815mt6885mt6991mt8883mt2737mt6835MediaTek chipset
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-20752
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.74%
||
7 Day CHG+0.01%
Published-02 Dec, 2025 | 02:34
Updated-17 Feb, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01270690; Issue ID: MSV-4301.

Action-Not Available
Vendor-MediaTek Inc.
Product-nr16mt6879mt6989mt6853tmt8791tmt6813mt6883nr17mt6897mt6855mt6833pmt6985mt2735mt6890mt6878mmt6877tmt6893mt6980mt6875tnr17rmt6853mt6835tmt6990mt6833mt6873mt6878mt6880mt6983tmt6985tnr15mt6895mt6896mt6983mt6877mt6886mt6895ttmt6891mt6899mt6980dmt6875mt6855tmt8676mt6989tmt6877ttmt6889mt6885mt6991mt2737mt6835MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8676, MT8791T
CWE ID-CWE-617
Reachable Assertion
CVE-2021-41789
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.92%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 15:54
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wifi driver, there is a possible system crash due to a missing validation check. This could lead to remote denial of service from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20190426015; Issue ID: GN20190426015.

Action-Not Available
Vendor-n/aMediaTek Inc.
Product-mt7622mt7615_firmwaremt7615mt7622_firmwaren/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-20139
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.20%
||
7 Day CHG~0.00%
Published-02 Dec, 2024 | 03:07
Updated-12 Jan, 2026 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600.

Action-Not Available
Vendor-The Linux FoundationOpenWrtMediaTek Inc.Google LLC
Product-mt8678yoctomt3605mt7927mt8532mt7925androidmt8518ssoftware_development_kitopenwrtmt6989mt6985mt2737mt6990MT2737, MT3605, MT6985, MT6989, MT6990, MT7925, MT7927, MT8518S, MT8532, MT8678mt8518smt6990mt6985mt3605mt7927mt6989mt2737mt7925mt8532mt8678
CWE ID-CWE-617
Reachable Assertion
CVE-2022-20021
Matching Score-8
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-8
Assigner-MediaTek, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.78% / 73.95%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 15:57
Updated-03 Aug, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible application crash due to bluetooth does not properly handle the reception of multiple LMP_host_connection_req. This could lead to remote denial of service of bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198513; Issue ID: ALPS06198513.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6757cdmt8765mt8167smt6771mt8385mt6580mt8788mt7662tmt7668mt6735mt6750smt6753mt6755smt8167mt6757cmt7663mt8183mt6737mt6739mt6757androidmt6757chmt8321mt8362amt6630mt8163mt8362bawus036nhmt6763mt8173MT6580, MT6630, MT6735, MT6737, MT6739, MT6750S, MT6753, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6763, MT6771, MT7662T, MT7663, MT7668, MT8163, MT8167, MT8167S, MT8173, MT8183, MT8321, MT8362A, MT8362B, MT8385, MT8765, MT8788
CVE-2026-20436
Matching Score-6
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-6
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.16%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 08:39
Updated-30 Mar, 2026 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00473802; Issue ID: MSV-5970.

Action-Not Available
Vendor-MediaTek Inc.
Product-nbiot_sdkmt7902mt8696mt7922mt7927mt7920mt7925mt7921MediaTek chipset
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-32860
Matching Score-6
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-6
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.73%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-02 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In display, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929788; Issue ID: ALPS07929788.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt6985mt6873mt6893mt6833mt6886mt6885mt6983mt6877mt6781mt6765mt6853mt6883mt6895mt6789mt6835androidmt6761mt6889mt6768mt6779mt6785mt6879MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-32859
Matching Score-6
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-6
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.16%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 03:46
Updated-17 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In meta, there is a possible classic buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08000473; Issue ID: ALPS08000473.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6855mt8175mt6873mt6893mt8675mt6886mt8395mt8788mt6983mt8188tmt8666mt8167mt6765mt6883mt8390mt6835mt8768mt8789mt6761mt8797mt6889mt8321mt6768mt8362amt8786mt8766mt6985mt8167smt8188mt6833mt6885mt6877mt6781mt8365mt8195mt6853mt6895mt8168mt6789androidmt8185mt6779mt6785mt6879mt8173MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8188, MT8188T, MT8195, MT8321, MT8362A, MT8365, MT8390, MT8395, MT8666, MT8675, MT8766, MT8768, MT8786, MT8788, MT8789, MT8797mt8797
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-20709
Matching Score-6
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-6
Assigner-MediaTek, Inc.
CVSS Score-8.8||HIGH
EPSS-0.03% / 10.64%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 09:11
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415809; Issue ID: MSV-3405.

Action-Not Available
Vendor-MediaTek Inc.OpenWrt
Product-mt7981mt7916software_development_kitmt7986mt6890mt7915openwrtMT6890, MT7915, MT7916, MT7981, MT7986
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-20624
Matching Score-6
Assigner-MediaTek, Inc.
ShareView Details
Matching Score-6
Assigner-MediaTek, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 3.24%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 00:00
Updated-06 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628530; Issue ID: ALPS07628530.

Action-Not Available
Vendor-Google LLCMediaTek Inc.
Product-mt6853androidmt6855mt8781mt6983mt6833mt6873mt6883mt8797mt6885mt6789mt8791mt6875mt6877mt6879mt8791tMT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6983, MT8781, MT8791, MT8791T, MT8797
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-0421
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 3.24%
||
7 Day CHG~0.00%
Published-27 Sep, 2021 | 11:20
Updated-03 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381235.

Action-Not Available
Vendor-n/aGoogle LLCMediaTek Inc.
Product-mt6757cdmt6592hmt6873mt6893mt6799mt6580mt6750mt6582emt6755smt6595mt6757cmt6765mt6737mt6883mt6891mt6592tmt6853tmt6739mt6757mt6797mt6769mt6761mt6875mt6889mt6768mt6755mt6592_90mt6771mt6758mt6833mt6732mt6885mt6582tmt6735mt6750smt6753mt6762mt6795mt6877mt6582wmt6853androidmt6757chmt6589tdmt6592emt6589mt6582hmt6582_90mt6752mt6779mt6785mt6731mt6763mt6592wMT6580, MT6582E, MT6582H, MT6582T, MT6582W, MT6582_90, MT6589, MT6589TD, MT6592E, MT6592H, MT6592T, MT6592W, MT6592_90, MT6595, MT6731, MT6732, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6752, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-15532
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.91%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 18:59
Updated-04 Aug, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air denial of service vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles.

Action-Not Available
Vendor-silabsn/a
Product-bluetooth_low_energy_software_development_kitn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-0576
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 57.67%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 16:58
Updated-04 Aug, 2024 | 06:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-compute_module_mfs2600ki_firmwarecompute_module_mfs2600kiIntel(R) Modular Server Compute Module
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2022-25635
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 32.26%
||
7 Day CHG~0.00%
Published-30 Aug, 2022 | 04:25
Updated-16 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Realtek Linux/Android Bluetooth Mesh SDK - Buffer Overflow

Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service.

Action-Not Available
Vendor-Realtek Semiconductor Corp.Linux Kernel Organization, IncGoogle LLC
Product-androidlinux_kernelbluetooth_mesh_software_development_kitLinux/Android Bluetooth Mesh SDK
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-19196
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.20%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 14:23
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices accepts a pairing request with a key size greater than 16 bytes, allowing an attacker in radio range to cause a buffer overflow and denial of service (crash) via crafted packets.

Action-Not Available
Vendor-telink-semin/a
Product-tlsr8251tlsr8232_ble_sdktlsr8232tlsr8251_ble_sdktlsr8269tlsr8258_ble_sdktlsr8253_ble_sdktlsr8258tlsr8269_ble_sdktlsr8253n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-17061
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 53.13%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 20:17
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame.

Action-Not Available
Vendor-cypressn/a
Product-psoc_4_blepsoc_4n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-17520
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.30%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 20:26
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Low Energy implementation on Texas Instruments SDK through 3.30.00.20 for CC2640R2 devices does not properly restrict the SM Public Key packet on reception, allowing attackers in radio range to cause a denial of service (crash) via crafted packets.

Action-Not Available
Vendor-tin/a
Product-cc2640r2_software_development_kitcc2640r2n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-17518
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 41.77%
||
7 Day CHG~0.00%
Published-10 Feb, 2020 | 20:22
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Low Energy implementation on Dialog Semiconductor SDK through 1.0.14.1081 for DA1468x devices responds to link layer packets with a payload length larger than expected, allowing attackers in radio range to cause a buffer overflow via a crafted packet. This affects, for example, August Smart Lock.

Action-Not Available
Vendor-dialog-semiconductorn/a
Product-da14680da14681da14682software_development_kitda14683n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-16336
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 49.21%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 17:59
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame.

Action-Not Available
Vendor-cypressn/a
Product-cybl11573cyble-416045n/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • Next
Details not found