A remote denial‑of‑service flaw exists in MediaTek modem firmware due to improper input validation. When a user equipment connects to a rogue base station controlled by an attacker, the vulnerability can cause the modem to crash, disrupting communications. The flaw is a classic unchecked input weakness (CWE‑617) and does not require privileged access or user interaction to trigger.

Affected devices include MediaTek chipsets such as mt2735, mt2737, mt6813, mt6815, mt6833, mt6835, mt6853, mt6855, mt6858, mt6873, mt6875, mt6877, mt6878, mt6879, mt6880, mt6883, mt6885, mt6886, mt6889, mt6890, mt6891, mt6893, mt6895, mt6896, mt6897, mt6899, mt6980, mt6983, mt6985, mt6986, mt6989, mt6990, mt6991, mt6993, mt8668, mt8673, mt8675, mt8676, mt8678, mt8755, mt8771, mt8775, mt8791, mt8791t, mt8792, mt8793, mt8795t, mt8797, mt8798, mt8863, mt8873, mt8883, mt8893 as well as the associated operating system families nr15, nr16, nr17, and nr17r.

The CVSS v3.1 score is 6.5, indicating a medium‑to‑high impact. EPSS is reported as less than 1 %, suggesting low probability of exploitation in the wild, and the flaw is not listed in the CISA KEV catalog. Because the attack requires only a rogue base station and no user interaction, the threat exists for any device connected to a susceptible network. The lack of privilege escalation limits the scope to availability, but the potential for widespread service interruption raises the overall risk.