Description
In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Published: 2026-05-06
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in the NR modem firmware of Unisoc devices where input data is not properly validated, leading to a remote denial of service that does not require privileged access. This is an example of improper input validation—a weakness that can cause service disruption when malformed packets or requests are processed by the modem.

Affected Systems

Unisoc (Shanghai) Technologies Co., Ltd. devices, specifically the T8100, T9100, T8200, and T8300 series. Any firmware or software that incorporates the NR modem component on these chipsets is potentially vulnerable; no specific version numbers are provided, so all current builds using this modem may be affected.

Risk and Exploitability

With a CVSS score of 7.5, the problem is considered high severity. The attack vector is inferred to be remote, as the denial of service can be triggered from outside the device without needing local privileges or additional execution rights. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog, suggesting that, as of now, public exploitation is not widely observed. Nonetheless, the lack of privilege requirements makes it an attractive target for adversaries who can disrupt device connectivity.

Generated by OpenCVE AI on May 6, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor firmware or software update that addresses the denial of service issue when released
  • Restrict access to the NR modem management interface by limiting exposure to untrusted networks or implementing access controls
  • Deploy network monitoring, rate limiting, and failover mechanisms to detect and mitigate sudden loss of service caused by malformed input

Generated by OpenCVE AI on May 6, 2026 at 03:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 04:15:00 +0000

Type Values Removed Values Added
Title Remote Denial of Service via Improper Input Validation in Unisoc NR Modem
Weaknesses CWE-20

Wed, 06 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Unisoc

Published:

Updated: 2026-05-06T01:43:17.932Z

Reserved: 2026-03-02T05:55:13.666Z

Link: CVE-2025-71256

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-06T02:16:05.213

Modified: 2026-05-06T02:16:05.213

Link: CVE-2025-71256

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T04:00:10Z

Weaknesses