Description
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461.
Published: 2026-04-07
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote privilege escalation
Action: Apply Patch
AI Analysis

Impact

The modem firmware for MediaTek chipsets is missing a bounds check, which allows an out‑of‑bounds write. The flaw can corrupt memory and, if triggered, could lead to escalation of privilege by an entity that controls a rogue base station. Remote exploitation requires the user equipment (UE) to connect to that attacker‑controlled base station; no additional execution privileges are needed, but user interaction is required.

Affected Systems

The vulnerability affects all MediaTek chipset devices whose modem firmware has not been updated with the vendor‑issued patch (Patch ID: MOLY01406170). Any firmware releases issued before the April 2026 security bulletin are potentially impacted.

Risk and Exploitability

The CVSS score of 8 indicates high severity, while the EPSS score of less than 1% suggests a low current probability of exploitation. Exploitation is only possible when the target device establishes a connection with an attacker‑controlled base station, so the attack path depends on the deployment of a rogue tower and on the device’s network selection. No exploitation evidence is present in the CVE data, but the combination of remote attack capability and privilege escalation warrants careful assessment.

Generated by OpenCVE AI on April 7, 2026 at 20:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch MOLY01406170 to the device’s firmware
  • Verify after the update that the firmware version matches the patched release
  • Limit device connectivity to known authorized base stations to reduce exposure
  • Monitor device logs for connections to unfamiliar or unexpected base stations
  • Report suspected exploitation attempts to the vendor to aid rapid response

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Modem Out‐of‑Bounds Write Leading to Remote Privilege Escalation |

Tue, 07 Apr 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | cvssV3_1: {'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Tue, 07 Apr 2026 09:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Mediatek, Inc.; Mediatek, Inc. mediatek Chipset |
| Vendors & Products | | Mediatek, Inc.; Mediatek, Inc. mediatek Chipset |

Tue, 07 Apr 2026 07:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461. |
| Weaknesses | | CWE-787 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-04-08T03:55:25.369Z

Reserved: 2025-11-03T01:30:59.011Z

Link: CVE-2026-20432

Vulnrichment

Updated: 2026-04-07T12:59:49.248Z

NVD

Status: Undergoing Analysis

Published: 2026-04-07T04:17:12.413

Modified: 2026-04-07T14:16:19.247

Link: CVE-2026-20432

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:50:11Z

Weaknesses