Description
In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR00463309; Issue ID: MSV-4852.
Published: 2026-02-02
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Denial of Service via Uncaught Exception
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is an uncaught exception in MediaTek WLAN AP/STA firmware that can cause the system to become unresponsive, resulting in a remote (proximal/adjacent) denial of service. No additional privileges or user interaction are required for exploitation, and the weakness is classified as CWE-754, reflecting a lack of proper exception handling.

Affected Systems

MediaTek chipsets and firmware, including NBiot SDK and Software Development Kit components, are affected. The vulnerability impacts a broad range of MediaTek hardware, such as MT6890, MT6989TB, MT7902, MT7915, MT7916, MT7920, MT7921, MT7922, MT7925, MT7927, MT7981, MT7986, MT8196, MT8668, MT8676, MT8678, MT8775, MT8791T, MT8792, MT8793, MT8796, MT8873, MT8883, MT8893, MT8910, and any devices running OpenWrt 19.07.0 or 21.02.0 firmware that incorporate MediaTek components.

Risk and Exploitability

The CVSS v3 score of 6.5 indicates a moderate severity, while the EPSS score of less than 1% signifies a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Attackers can trigger the flaw by remotely delivering an AP/STA payload that triggers an unhandled exception, leading to a device crash without requiring any elevated privileges or user interaction.

Generated by OpenCVE AI on April 16, 2026 at 07:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official firmware update that contains the exception‑handling fix (patch IDs WCNCR00461663/WCNCR00463309) to all affected MediaTek Wi‑Fi devices.
  • If an immediate firmware update is not possible, limit the device’s external network exposure by disabling or restricting unmanaged WLAN interfaces until a patch is available.
  • Monitor the device for abnormal restarts or logs indicating crashes, and coordinate with MediaTek support to accelerate the release of an update for legacy chipsets.


Advisories

No advisories yet.

History

Thu, 16 Apr 2026 07:30:00 +0000

Type: Title
Values Added: Firmware Exception Causes Remote Denial of Service in MediaTek WLAN Devices

Thu, 05 Feb 2026 17:15:00 +0000

Type: Metrics

Values Removed:

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Values Added:

cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 03 Feb 2026 21:30:00 +0000

Type: First Time appeared
Values Added:
Mediatek
Mediatek mt6890
Mediatek mt6989tb
Mediatek mt7902
Mediatek mt7915
Mediatek mt7916
Mediatek mt7920
Mediatek mt7921
Mediatek mt7922
Mediatek mt7925
Mediatek mt7927
Mediatek mt7981
Mediatek mt7986
Mediatek mt8196
Mediatek mt8668
Mediatek mt8676
Mediatek mt8678
Mediatek mt8775
Mediatek mt8791t
Mediatek mt8792
Mediatek mt8793
Mediatek mt8796
Mediatek mt8873
Mediatek mt8883
Mediatek mt8893
Mediatek mt8910
Mediatek nbiot Sdk
Mediatek software Development Kit
Openwrt
Openwrt openwrt
Type: CPEs
Values Added:
cpe:2.3:a:mediatek:nbiot_sdk:*:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989tb:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7920:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7922:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8196:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8668:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8910:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
Type: Vendors & Products
Values Added:
Mediatek
Mediatek mt6890
Mediatek mt6989tb
Mediatek mt7902
Mediatek mt7915
Mediatek mt7916
Mediatek mt7920
Mediatek mt7921
Mediatek mt7922
Mediatek mt7925
Mediatek mt7927
Mediatek mt7981
Mediatek mt7986
Mediatek mt8196
Mediatek mt8668
Mediatek mt8676
Mediatek mt8678
Mediatek mt8775
Mediatek mt8791t
Mediatek mt8792
Mediatek mt8793
Mediatek mt8796
Mediatek mt8873
Mediatek mt8883
Mediatek mt8893
Mediatek mt8910
Mediatek nbiot Sdk
Mediatek software Development Kit
Openwrt
Openwrt openwrt

Mon, 02 Feb 2026 14:15:00 +0000

Type: Metrics

Values Added:

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Feb 2026 08:30:00 +0000

Type: Description
Values Added: In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR00463309; Issue ID: MSV-4852.
Type: Weaknesses
Values Added: CWE-754
References

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-03-30T13:03:33.830Z

Reserved: 2025-11-03T01:30:59.009Z

Link: CVE-2026-20419

Vulnrichment

Updated: 2026-02-02T13:45:02.991Z

NVD

Status: Modified

Published: 2026-02-02T09:15:56.990

Modified: 2026-02-05T17:16:13.460

Link: CVE-2026-20419

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T07:15:28Z

Weaknesses