An uncaught exception in the modem firmware can cause a system crash, leading to a remote denial of service when a user equipment device connects to a rogue base station. This flaw represents a structural coding error as identified by CWE‑754 and CWE‑770 and requires no additional attacker privileges or user interaction to trigger.

Affected systems include a wide range of MediaTek chipset products such as the MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791t, MT8792, MT8793, MT8795t, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893, as well as various NR baseband platforms (nr15, nr16, nr17, nr17r). These firmware components are common in smartphones and IoT devices.

The risk is moderate with a CVSS score of 6.5 and an EPSS score below 1 %, indicating a low probability of exploitation at the time of analysis. However, the flaw is not included in CISA’s Known Exploited Vulnerabilities catalog, so no active exploit is publicly reported yet. The most likely attack vector is a remote adversary controlling a rogue base station that forces the device to invoke the faulty code path, causing an unintended crash without any user action.