Description
In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758.
Published: 2026-02-02
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

A heap buffer overflow in the wireless LAN component of MediaTek chipsets allows an attacker to perform an out‑of‑bounds write. The vulnerability is triggered without any user interaction and can lead to remote (proximal/adjacent) privilege escalation, granting the attacker higher privileges on the affected device. The flaw is identified as both CWE‑122 (Heap-Based Buffer Overflow) and CWE‑787 (Out‑of‑Bounds Write).

Affected Systems

MediaTek chipsets including the MT6890, MT7615, MT7915, MT7916, MT7981, and MT7986 are affected, as well as the MediaTek Software Development Kit. Embedded devices running OpenWrt 19.07.0, 21.02.0, and 23.05.0 that incorporate these chipsets are also susceptible.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity. The EPSS score of less than 1% suggests a very low probability of exploitation at the time of assessment, and the vulnerability is not listed in the CISA KEV catalog. Attackers likely require proximity to the wireless network or adjacent network components to exploit the flaw, possibly through malicious packets or manipulation of wireless management traffic. No additional privileges or user interaction are needed once the vulnerable state is reached.

Generated by OpenCVE AI on April 16, 2026 at 17:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply MediaTek firmware patch WCNCR00461651 to resolve the buffer overflow in WLAN functionality.
  • If a firmware update is unavailable, disable or tightly restrict WLAN services to prevent untrusted wireless traffic from reaching the vulnerable component.
  • Monitor device logs for abnormal access patterns and conduct routine security audits of wireless configurations.

Generated by OpenCVE AI on April 16, 2026 at 17:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Title Remote WLAN Heap Buffer Overflow in MediaTek Chipsets

Wed, 04 Feb 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek software Development Kit
Openwrt
Openwrt openwrt
Weaknesses CWE-787
CPEs cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05.0:-:*:*:*:*:*:*
Vendors & Products Mediatek software Development Kit
Openwrt
Openwrt openwrt

Wed, 04 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt6890
Mediatek mt7615
Mediatek mt7915
Mediatek mt7916
Mediatek mt7981
Mediatek mt7986
Vendors & Products Mediatek
Mediatek mt6890
Mediatek mt7615
Mediatek mt7915
Mediatek mt7916
Mediatek mt7981
Mediatek mt7986

Tue, 03 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Mon, 02 Feb 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Feb 2026 08:30:00 +0000

Type Values Removed Values Added
Description In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758.
Weaknesses CWE-122
References

Subscriptions

Mediatek Mt6890 Mt7615 Mt7915 Mt7916 Mt7981 Mt7986 Software Development Kit
Openwrt Openwrt
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-03-30T13:02:57.756Z

Reserved: 2025-11-03T01:30:59.008Z

Link: CVE-2026-20408

cve-icon Vulnrichment

Updated: 2026-02-02T14:02:20.563Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-02T09:15:55.657

Modified: 2026-02-04T13:48:41.430

Link: CVE-2026-20408

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T17:45:27Z

Weaknesses