CVE-2026-20431

MEDIUM EPSS 22.6%

Published Apr 7, 20262mo ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Apr 7, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467.

CVSS Details

Base Score

6.5

Exploitability

2.8

Impact

3.6

Vector string

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector Adjacent

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

22.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-770

Affected Products 38

Vendor	Product	Version	Range
mediatek	mt6813_firmware	*	any
mediatek	mt6813	*	any
mediatek	mt6815_firmware	*	any
mediatek	mt6815	*	any
mediatek	mt6835_firmware	*	any
mediatek	mt6835	*	any
mediatek	mt6878_firmware	*	any
mediatek	mt6878	*	any
mediatek	mt6897_firmware	*	any
mediatek	mt6897	*	any
mediatek	mt6899_firmware	*	any
mediatek	mt6899	*	any
mediatek	mt6986_firmware	*	any
mediatek	mt6986	*	any
mediatek	mt6991_firmware	*	any
mediatek	mt6991	*	any
mediatek	mt6993_firmware	*	any
mediatek	mt6993	*	any
mediatek	mt8668_firmware	*	any
mediatek	mt8668	*	any
mediatek	mt8676_firmware	*	any
mediatek	mt8676	*	any
mediatek	mt8678_firmware	*	any
mediatek	mt8678	*	any
mediatek	mt8755_firmware	*	any
mediatek	mt8755	*	any
mediatek	mt8775_firmware	*	any
mediatek	mt8775	*	any
mediatek	mt8792_firmware	*	any
mediatek	mt8792	*	any
mediatek	mt8793_firmware	*	any
mediatek	mt8793	*	any
mediatek	mt8863_firmware	*	any
mediatek	mt8863	*	any
mediatek	mt8873_firmware	*	any
mediatek	mt8873	*	any
mediatek	mt8883_firmware	*	any
mediatek	mt8883	*	any

References 1

corp.mediatek.com https://corp.mediatek.com/product-security-bulletin/April-2026

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.