CVE-2026-20435 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2026-20435

Analyzed

More Info Official Page

Source-security@mediatek.com

Published At-02 Mar, 2026 | 09:16

Updated At-03 Mar, 2026 | 12:52

In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.6	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 4.6

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

The Linux Foundation

>>yocto>>4.0

cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*

rdkcentral>>rdk-b>>2022q3

cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*

rdkcentral>>rdk-b>>2024q1

cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*

>>android>>14.0

cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*

>>android>>15.0

cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*

>>android>>16.0

cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*

>>openwrt>>21.02.0

cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*

>>openwrt>>23.05.0

cpe:2.3:o:openwrt:openwrt:23.05.0:-:*:*:*:*:*:*

>>zephyr>>3.7.0

cpe:2.3:o:zephyrproject:zephyr:3.7.0:-:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6993:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8169:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8186:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8696:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-522	Secondary	security@mediatek.com

CWE ID: CWE-522

Type: Secondary

Source: security@mediatek.com

References

Hyperlink	Source	Resource
https://corp.mediatek.com/product-security-bulletin/March-2026	security@mediatek.com	Vendor Advisory

Hyperlink: https://corp.mediatek.com/product-security-bulletin/March-2026

Source: security@mediatek.com

Resource:

Vendor Advisory