Description
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Published: 2026-05-06
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is located in the Modem IMS component of Unisoc devices. An attacker may supply specially crafted input that bypasses validation checks, causing the modem to crash or become unreachable. This results in a denial of service to all services that rely on the modem. No escalation of privileges is required.

Affected Systems

Unisoc (Shanghai) Technologies Co., Ltd. products: SC7731E, SC9832E, SC9863A, T310, T610, T618, T7200, T7225, T7250, T7255, T7280, T7300, T8100, T9100, T8200, and T8300. Affected versions are not disclosed by the vendor.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. No EPSS score is currently published, so the exploitation probability cannot be quantified. The vulnerability is not listed in CISA's KEV catalog, suggesting that there are no publicly known exploits. Attackers would need remote network access to the modem’s IMS interface, which may be over IP or a proprietary protocol. While privilege escalation is not required, the impact is a loss of service. In the absence of patch availability, the attack vector is likely remote network. The lack of exploitation evidence tolerates a measured risk but warrants monitoring.

Generated by OpenCVE AI on May 6, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available firmware or software update from Unisoc that addresses this issue.
  • If no update is available, block or restrict external access to the modem’s IMS interface using firewall rules or network segmentation to minimize the attack surface.
  • Monitor modem logs for anomalous crashes or repeated failure messages and set up alerts for service interruptions.

Generated by OpenCVE AI on May 6, 2026 at 03:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 03:30:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in Modem IMS Leading to Remote Denial of Service
Weaknesses CWE-20

Wed, 06 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Unisoc

Published:

Updated: 2026-05-06T01:43:13.544Z

Reserved: 2026-03-02T05:55:13.666Z

Link: CVE-2025-71254

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-06T02:16:04.983

Modified: 2026-05-06T02:16:04.983

Link: CVE-2025-71254

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T03:30:05Z

Weaknesses