Description
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467.
Published: 2026-04-07
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Denial of Service via Modem Crash
Action: Immediate Patch
AI Analysis

Impact

This vulnerability is a logic error within the modem firmware that can cause a system crash, leading to a remote denial of service. No additional privileges or user interaction are required. The flaw would disable device operation for any user connected to a rogue base station.

Affected Systems

The flaw affects MediaTek chipset models MT6813, MT6815, MT6835, MT6878, MT6897, MT6899, MT6986, MT6991, MT6993, MT8668, MT8676, MT8678, MT8755, MT8775, MT8792, MT8793, MT8863, MT8873, MT8883 and their associated firmware. No specific firmware versions are listed, so all current releases may be impacted.

Risk and Exploitability

The CVSS base score of 6.5 indicates medium severity. EPSS is below 1%, suggesting low exploitation probability. The vulnerability is not listed in KEV. An attacker could exploit the flaw by controlling a rogue base station that a user equipment connects to, causing the target device to crash without any user interaction or elevated privileges. The overall risk is moderate with a low likelihood of exploitation under current circumstances.

Generated by OpenCVE AI on April 10, 2026 at 21:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the MediaTek firmware update identified by Patch ID MOLY01106496 to all affected devices.
  • Verify that the firmware has been successfully installed and reboot the devices to ensure stability.
  • Monitor device logs and network connectivity for signs of unexpected crashes.
  • If the patch is not yet available, consider isolating affected devices from known rogue base stations until remediation is applied.

Generated by OpenCVE AI on April 10, 2026 at 21:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Modem Logic Error Causing Remote Device Crash

Fri, 10 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt6813
Mediatek mt6813 Firmware
Mediatek mt6815
Mediatek mt6815 Firmware
Mediatek mt6835
Mediatek mt6835 Firmware
Mediatek mt6878
Mediatek mt6878 Firmware
Mediatek mt6897
Mediatek mt6897 Firmware
Mediatek mt6899
Mediatek mt6899 Firmware
Mediatek mt6986
Mediatek mt6986 Firmware
Mediatek mt6991
Mediatek mt6991 Firmware
Mediatek mt6993
Mediatek mt6993 Firmware
Mediatek mt8668
Mediatek mt8668 Firmware
Mediatek mt8676
Mediatek mt8676 Firmware
Mediatek mt8678
Mediatek mt8678 Firmware
Mediatek mt8755
Mediatek mt8755 Firmware
Mediatek mt8775
Mediatek mt8775 Firmware
Mediatek mt8792
Mediatek mt8792 Firmware
Mediatek mt8793
Mediatek mt8793 Firmware
Mediatek mt8863
Mediatek mt8863 Firmware
Mediatek mt8873
Mediatek mt8873 Firmware
Mediatek mt8883
Mediatek mt8883 Firmware
CPEs cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6815:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6986:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6993:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8668:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8863:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8883:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6813_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6815_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6878_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6897_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6899_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6986_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6991_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6993_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8668_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8676_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8678_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8755_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8775_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8792_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8793_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8863_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8873_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt8883_firmware:-:*:*:*:*:*:*:*
Vendors & Products Mediatek
Mediatek mt6813
Mediatek mt6813 Firmware
Mediatek mt6815
Mediatek mt6815 Firmware
Mediatek mt6835
Mediatek mt6835 Firmware
Mediatek mt6878
Mediatek mt6878 Firmware
Mediatek mt6897
Mediatek mt6897 Firmware
Mediatek mt6899
Mediatek mt6899 Firmware
Mediatek mt6986
Mediatek mt6986 Firmware
Mediatek mt6991
Mediatek mt6991 Firmware
Mediatek mt6993
Mediatek mt6993 Firmware
Mediatek mt8668
Mediatek mt8668 Firmware
Mediatek mt8676
Mediatek mt8676 Firmware
Mediatek mt8678
Mediatek mt8678 Firmware
Mediatek mt8755
Mediatek mt8755 Firmware
Mediatek mt8775
Mediatek mt8775 Firmware
Mediatek mt8792
Mediatek mt8792 Firmware
Mediatek mt8793
Mediatek mt8793 Firmware
Mediatek mt8863
Mediatek mt8863 Firmware
Mediatek mt8873
Mediatek mt8873 Firmware
Mediatek mt8883
Mediatek mt8883 Firmware

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Modem Logic Error Causing Remote Device Crash

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek, Inc.
Mediatek, Inc. mediatek Chipset
Vendors & Products Mediatek, Inc.
Mediatek, Inc. mediatek Chipset

Tue, 07 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Description In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467.
Weaknesses CWE-770
References

Subscriptions

Mediatek Mt6813 Mt6813 Firmware Mt6815 Mt6815 Firmware Mt6835 Mt6835 Firmware Mt6878 Mt6878 Firmware Mt6897 Mt6897 Firmware Mt6899 Mt6899 Firmware Mt6986 Mt6986 Firmware Mt6991 Mt6991 Firmware Mt6993 Mt6993 Firmware Mt8668 Mt8668 Firmware Mt8676 Mt8676 Firmware Mt8678 Mt8678 Firmware Mt8755 Mt8755 Firmware Mt8775 Mt8775 Firmware Mt8792 Mt8792 Firmware Mt8793 Mt8793 Firmware Mt8863 Mt8863 Firmware Mt8873 Mt8873 Firmware Mt8883 Mt8883 Firmware
Mediatek, Inc. Mediatek Chipset
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-04-07T12:59:17.543Z

Reserved: 2025-11-03T01:30:59.011Z

Link: CVE-2026-20431

cve-icon Vulnrichment

Updated: 2026-04-07T12:59:10.087Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T04:16:59.930

Modified: 2026-04-10T19:58:43.890

Link: CVE-2026-20431

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T14:27:19Z

Weaknesses