Impact
An out-of-bounds write (CWE-787) in MediaTek modem firmware can occur when user equipment (UE) connects to a rogue base station controlled by an attacker. A missing bounds check allows the attacker to overwrite memory during the connection handshake, resulting in privilege escalation on the device. The likely attack vector is a nearby malicious base station; user interaction is required, meaning the victim must come into proximity of the rogue network and connect to it for exploitation to succeed.
Affected Systems
This vulnerability affects a broad array of MediaTek chipsets, including MT2735, MT2737, MT6813, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6989, MT6990, MT6991, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8775, MT8791, MT8792, MT8793, MT8795, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893, as well as the corresponding firmware releases enumerated in the CPE data. All devices utilizing these chipsets in modem mode are potentially impacted.
Risk and Exploitability
The CVSS score of 8.8 classifies the flaw as high severity, while the EPSS score of less than 1% indicates a low probability of exploitation in the near term. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the victim device to physically or logically connect to a rogue base station that the attacker controls; no additional code execution privileges are required. Given the proximity requirement, the real-world risk depends on the attacker's ability to operate or deploy malicious radio equipment in the target area.