Description
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.
Published: 2026-04-07
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Privilege Escalation
Action: Patch Immediately
AI Analysis

Impact

An out-of-bounds write in the MediaTek Modem firmware, caused by a missing bounds check, can lead to remote escalation of privilege. The flaw allows a malicious base station to write beyond the intended memory bounds when a user equipment (UE) connects, granting elevated privileges without any additional execution privileges. User interaction is required for the exploit to succeed, typically when the device is connected to a rogue base station.

Affected Systems

The vulnerability affects devices powered by MediaTek chipsets. No specific firmware version ranges are listed, but the issued patch MOLY01088681 addresses the issue and should be applied to all affected MediaTek Modem implementations.

Risk and Exploitability

This flaw carries a high CVSS score of 8.8, indicating significant potential impact. The EPSS score is below 1 %, suggesting that automated exploitation is currently unlikely, and it is not listed in the CISA KEV catalog. The likely attack vector is a rogue base station that a UE connects to; exploitation requires victim interaction but no additional access.

Generated by OpenCVE AI on April 7, 2026 at 19:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the MediaTek patch MOLY01088681 to all affected devices
  • Verify firmware version and ensure updates are applied promptly
  • Avoid connecting the device to suspicious or untrusted base stations during testing or in high‑risk environments
  • Review device connectivity settings to detect potential rogue base station activity

Generated by OpenCVE AI on April 7, 2026 at 19:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title MediaTek Modem Out‑of‑Bounds Write Allows Remote Privilege Escalation via Rogue Base Station
First Time appeared Mediatek
Mediatek mediatek Chipset
Vendors & Products Mediatek
Mediatek mediatek Chipset

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Description In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.
Weaknesses CWE-787
References

Subscriptions

Mediatek Mediatek Chipset
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-04-08T03:55:26.543Z

Reserved: 2025-11-03T01:30:59.011Z

Link: CVE-2026-20433

cve-icon Vulnrichment

Updated: 2026-04-07T13:01:12.942Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-07T04:17:12.830

Modified: 2026-04-07T14:16:19.807

Link: CVE-2026-20433

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:50:10Z

Weaknesses