Description
In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465314; Issue ID: MSV-4956.
Published: 2026-03-02
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Patch Now
AI Analysis

Impact

The vulnerability in MediaTek's WLAN Station (STA) driver arises from a missing bounds check, which allows an out‑of‑bounds write. An attacker who already holds standard user execution rights on the system can exploit this defect to gain higher privileges on the device. No user interaction is required, so the flaw can be leveraged purely locally.

Affected Systems

Devices with MediaTek chipsets, including the MT7902, MT7920, MT7921, MT7922, MT7925, and MT7927, are impacted, as are systems using the MediaTek nbiot_sdk. The vulnerability is specific to the WLAN STA driver within these components.

Risk and Exploitability

With a CVSS score of 7.8, the flaw is considered high severity, yet the EPSS score of less than 1% indicates a very low likelihood of exploitation in the wild. The vulnerability is not present in CISA's KEV catalog, but the combination of local privilege escalation and the lack of user interaction makes it a serious risk for any system with an exposed MediaTek WLAN STA driver. An attacker would need user execution privileges on the device and would then trigger the out‑of‑bounds write to elevate those privileges without further input.

Generated by OpenCVE AI on April 16, 2026 at 14:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch identified by patch ID WCNCR00465314 (Issue ID MSV-4956) to the affected WLAN STA driver.
  • Reboot the device after patch application to ensure the changes take effect.
  • If a patch is not immediately available, restrict local user rights and disable the WLAN interface through system configuration to mitigate the risk.



Advisories

No advisories yet.

History

Thu, 16 Apr 2026 15:00:00 +0000

Type: Title
Values Added: Out-of-Bounds Write in Mediatek WLAN STA Driver Leads to Local Privilege Escalation

Tue, 03 Mar 2026 17:15:00 +0000

Type: Metrics
Values Removed:
  cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Values Added:
  cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 03 Mar 2026 13:15:00 +0000

Type: First Time appeared
Values Added:
  Mediatek
  Mediatek mt7902
  Mediatek mt7920
  Mediatek mt7921
  Mediatek mt7922
  Mediatek mt7925
  Mediatek mt7927
  Mediatek nbiot Sdk
Type: Weaknesses
Values Added:
  CWE-787
Type: CPEs
Values Added:
  cpe:2.3:a:mediatek:nbiot_sdk:*:*:*:*:*:*:*:*
  cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*
  cpe:2.3:h:mediatek:mt7920:-:*:*:*:*:*:*:*
  cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*
  cpe:2.3:h:mediatek:mt7922:-:*:*:*:*:*:*:*
  cpe:2.3:h:mediatek:mt7925:-:*:*:*:*:*:*:*
  cpe:2.3:h:mediatek:mt7927:-:*:*:*:*:*:*:*
Type: Vendors & Products
Values Added:
  Mediatek
  Mediatek mt7902
  Mediatek mt7920
  Mediatek mt7921
  Mediatek mt7922
  Mediatek mt7925
  Mediatek mt7927
  Mediatek nbiot Sdk

Mon, 02 Mar 2026 19:15:00 +0000

Type: Metrics
Values Added:
  cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 09:00:00 +0000

Type: Description
Values Added: In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00465314; Issue ID: MSV-4956.
Type: Weaknesses
Values Added: CWE-749
References

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-03-30T13:05:18.799Z

Reserved: 2025-11-03T01:30:59.010Z

Link: CVE-2026-20423

Vulnrichment

Updated: 2026-03-02T18:47:45.450Z

NVD

Status: Modified

Published: 2026-03-02T09:16:15.340

Modified: 2026-03-03T17:16:18.047

Link: CVE-2026-20423

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T14:45:25Z

Weaknesses