Search
Search Results (14 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20727 | 1 Mediatek | 90 Lr12a, Modem, Mt2735 and 87 more | 2025-11-05 | 7.5 High |
| In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623. | ||||
| CVE-2025-20725 | 2 Mediatek, Mediatk | 141 Lr12a, Mt2735, Mt2737 and 138 more | 2025-11-05 | 7.5 High |
| In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01671924; Issue ID: MSV-4620. | ||||
| CVE-2025-20726 | 1 Mediatek | 90 Lr12a, Modem, Mt2735 and 87 more | 2025-11-05 | 7.5 High |
| In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622. | ||||
| CVE-2025-20722 | 4 Google, Mediatek, Openwrt and 1 more | 40 Android, Mt6835, Mt6835 Firmware and 37 more | 2025-10-21 | 5.5 Medium |
| In gnss driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09920036; Issue ID: MSV-3798. | ||||
| CVE-2025-20721 | 2 Google, Mediatek | 25 Android, Iot Yocto, Mt6873 and 22 more | 2025-10-21 | 7.8 High |
| In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10089545; Issue ID: MSV-4279. | ||||
| CVE-2025-20703 | 1 Mediatek | 63 Modem, Mt2735, Mt2737 and 60 more | 2025-09-03 | 7.5 High |
| In Modem, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01599794; Issue ID: MSV-3708. | ||||
| CVE-2025-20708 | 1 Mediatek | 64 Modem, Mt2735, Mt2737 and 61 more | 2025-09-03 | 8.1 High |
| In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01123853; Issue ID: MSV-4131. | ||||
| CVE-2025-20678 | 1 Mediatek | 94 Lr12a, Lr13, Mt6739 and 91 more | 2025-07-10 | 7.5 High |
| In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739. | ||||
| CVE-2025-20670 | 1 Mediatek | 46 Mt2737, Mt6813, Mt6835 and 43 more | 2025-05-12 | 5.7 Medium |
| In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772. | ||||
| CVE-2025-20667 | 1 Mediatek | 88 Lr12a, Lr13, Mt2735 and 85 more | 2025-05-12 | 7.5 High |
| In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741. | ||||
| CVE-2024-20150 | 1 Mediatek | 80 Lr12a, Lr13, Mt2735 and 77 more | 2025-04-22 | 7.5 High |
| In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01412526; Issue ID: MSV-2018. | ||||
| CVE-2025-20644 | 1 Mediatek | 41 Mt2735, Mt2737, Mt6833 and 38 more | 2025-04-22 | 7.5 High |
| In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747. | ||||
| CVE-2025-20659 | 1 Mediatek | 170 Mt2735, Mt2735 Firmware, Mt2737 and 167 more | 2025-04-11 | 7.5 High |
| In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768. | ||||
| CVE-2025-20634 | 1 Mediatek | 32 Mt2737, Mt6813, Mt6835 and 29 more | 2025-03-18 | 9.8 Critical |
| In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436. | ||||
Page 1 of 1.