CVE-2026-20435

MEDIUM EPSS 1.8%

Published Mar 2, 20263mo ago · Modified Mar 3, 20263mo ago

4.6 CVSS 3.1

Medium

Published Mar 2, 2026 3mo ago

Last Modified Mar 3, 2026 3mo ago

Description

In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118.

CVSS Details

Base Score

4.6

Exploitability

0.9

Impact

3.6

Vector string

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector Physical

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

1.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-522

Affected Products 44

Vendor	Product	Version	Range
linuxfoundation	yocto	4.0	any
rdkcentral	rdk-b	2022q3	any
rdkcentral	rdk-b	2024q1	any
google	android	14.0	any
google	android	15.0	any
google	android	16.0	any
openwrt	openwrt	21.02.0	any
openwrt	openwrt	23.05.0	any
zephyrproject	zephyr	3.7.0	any
mediatek	mt2737	*	any
mediatek	mt6739	*	any
mediatek	mt6761	*	any
mediatek	mt6765	*	any
mediatek	mt6768	*	any
mediatek	mt6781	*	any
mediatek	mt6789	*	any
mediatek	mt6813	*	any
mediatek	mt6833	*	any
mediatek	mt6853	*	any
mediatek	mt6855	*	any
mediatek	mt6877	*	any
mediatek	mt6878	*	any
mediatek	mt6879	*	any
mediatek	mt6880	*	any
mediatek	mt6885	*	any
mediatek	mt6886	*	any
mediatek	mt6890	*	any
mediatek	mt6893	*	any
mediatek	mt6895	*	any
mediatek	mt6897	*	any
mediatek	mt6983	*	any
mediatek	mt6985	*	any
mediatek	mt6989	*	any
mediatek	mt6990	*	any
mediatek	mt6993	*	any
mediatek	mt8169	*	any
mediatek	mt8186	*	any
mediatek	mt8188	*	any
mediatek	mt8370	*	any
mediatek	mt8390	*	any
mediatek	mt8676	*	any
mediatek	mt8678	*	any
mediatek	mt8696	*	any
mediatek	mt8793	*	any

References 1

corp.mediatek.com https://corp.mediatek.com/product-security-bulletin/March-2026

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.