Description
In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00464377; Issue ID: MSV-4905.
Published: 2026-02-02
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch Immediately
AI Analysis

Impact

The vulnerability resides in the WLAN STA driver of MediaTek chipsets. A missing bounds check permits an attacker with user execution privileges to overwrite memory, potentially gaining higher privileges or taking control of the device. The flaw does not require user interaction and can be triggered locally, meaning it is not dependent on network exposure.

Affected Systems

Affected products include MediaTek chipsets such as MT7902, MT7920, MT7921, MT7922, MT7925, MT7927, as well as the NBiot SDK. The flaw impacts the WLAN STA driver component in these devices.

Risk and Exploitability

With a CVSS score of 9.3 the vulnerability is considered severe, though the EPSS score is less than 1%, indicating a low current probability of exploitation. The flaw is not listed in the CISA KEV catalog. Exploitation requires local access and user‑level privileges; once triggered, the off‑by‑range write could lead to privilege escalation.

Generated by OpenCVE AI on April 16, 2026 at 07:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch identified as WCNCR00464377 to the WLAN STA driver.
  • Deploy firmware updates that incorporate the patched driver to all affected MediaTek devices (MT7902, MT7920, MT7921, MT7922, MT7925, MT7927, and the NBiot SDK).
  • If a patch cannot be applied immediately, disable the WLAN STA driver or restrict its execution to the minimal privileges required until a fix is available.

Generated by OpenCVE AI on April 16, 2026 at 07:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 07:30:00 +0000

Type Values Removed Values Added
Title WLAN STA Driver Local Privilege Escalation via Missing Bounds Check

Wed, 04 Feb 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt7902
Mediatek mt7920
Mediatek mt7921
Mediatek mt7922
Mediatek mt7925
Mediatek mt7927
Mediatek nbiot Sdk
CPEs cpe:2.3:a:mediatek:nbiot_sdk:*:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7920:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7922:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*
Vendors & Products Mediatek
Mediatek mt7902
Mediatek mt7920
Mediatek mt7921
Mediatek mt7922
Mediatek mt7925
Mediatek mt7927
Mediatek nbiot Sdk

Wed, 04 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Mediatk
Mediatk mt7902
Mediatk mt7920
Mediatk mt7921
Mediatk mt7922
Mediatk mt7925
Mediatk mt7927
Vendors & Products Mediatk
Mediatk mt7902
Mediatk mt7920
Mediatk mt7921
Mediatk mt7922
Mediatk mt7925
Mediatk mt7927

Tue, 03 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

 cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Mon, 02 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Feb 2026 08:30:00 +0000

Type Values Removed Values Added
Description In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00464377; Issue ID: MSV-4905.
Weaknesses CWE-787
References

Subscriptions

Mediatek Mt7902 Mt7920 Mt7921 Mt7922 Mt7925 Mt7927 Nbiot Sdk
Mediatk Mt7902 Mt7920 Mt7921 Mt7922 Mt7925 Mt7927
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-03-30T13:02:54.988Z

Reserved: 2025-11-03T01:30:59.007Z

Link: CVE-2026-20407

cve-icon Vulnrichment

Updated: 2026-02-02T18:59:13.150Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-02T09:15:55.520

Modified: 2026-02-04T13:50:50.817

Link: CVE-2026-20407

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T07:15:28Z

Weaknesses