In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00053.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
MediaTek, Inc. MediaTek chipset unaffected
Version Status Constraints
MT2735 affected
MT2737 affected
MT6813 affected
MT6833 affected
MT6833P affected
MT6835 affected
MT6835T affected
MT6853 affected
MT6853T affected
MT6855 affected
MT6855T affected
MT6873 affected
MT6875 affected
MT6875T affected
MT6877 affected
MT6877T affected
MT6877TT affected
MT6878 affected
MT6878M affected
MT6879 affected
MT6880 affected
MT6883 affected
MT6885 affected
MT6886 affected
MT6889 affected
MT6890 affected
MT6891 affected
MT6893 affected
MT6895 affected
MT6895TT affected
MT6896 affected
MT6897 affected
MT6899 affected
MT6980 affected
MT6980D affected
MT6983 affected
MT6983T affected
MT6985 affected
MT6985T affected
MT6989 affected
MT6989T affected
MT6990 affected
MT6991 affected
MT8668 affected
MT8673 affected
MT8675 affected
MT8676 affected
MT8678 affected
MT8755 affected
MT8771 affected
MT8775 affected
MT8791 affected
MT8791T affected
MT8792 affected
MT8793 affected
MT8795T affected
MT8797 affected
MT8798 affected
MT8863 affected
MT8873 affected
MT8883 affected
MT8893 affected

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Mediatek Subscribe
Mediatek Chipset Subscribe

Project Subscriptions

Vendors Products
Mediatek Subscribe
Mediatek Chipset Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://corp.mediatek.com/product-security-bulletin/April-2026 cve-icon cve-icon
History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title MediaTek Modem Out‑of‑Bounds Write Allows Remote Privilege Escalation via Rogue Base Station
First Time appeared Mediatek
Mediatek mediatek Chipset
Vendors & Products Mediatek
Mediatek mediatek Chipset

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Description In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.
Weaknesses CWE-787
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-04-08T03:55:26.543Z

Reserved: 2025-11-03T01:30:59.011Z

Link: CVE-2026-20433

cve-icon Vulnrichment

Updated: 2026-04-07T13:01:12.942Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-07T04:17:12.830

Modified: 2026-04-07T14:16:19.807

Link: CVE-2026-20433

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:50:10Z

Weaknesses