Description
In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295.
Published: 2026-06-01
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap buffer overflow exists in the WLAN Access Point driver of MediaTek chipsets, enabling memory corruption. This flaw can be triggered without user interaction and may result in remote code execution on the device at the privilege level of the executing user. The vulnerability is a classic buffer overflow (CWE-122), potentially compromising confidentiality, integrity, and availability if exploited.

Affected Systems

The flaw affects MediaTek chipsets' WLAN AP driver. No specific version numbers are listed, so any firmware that includes the vulnerable driver may be impacted.

Risk and Exploitability

The CVSS score is 8.0, EPSS is not available, and the vulnerability is not listed in CISA KEV. The heap buffer overflow allows remote code execution without user interaction; it is inferred that an attacker would send crafted frames to the device. Because no user interaction is required, the threat is high; an attacker who can reach the WLAN AP could compromise confidentiality, integrity, and availability of the network and connected devices.

Generated by OpenCVE AI on June 1, 2026 at 13:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch WCNCR00480138 to all firmware that contains the compromised WLAN AP driver.
  • If a patch is not yet available, isolate the WLAN AP interface from untrusted remote traffic using firewall rules or network segmentation so that crafted frames cannot reach the vulnerable driver.
  • Monitor network traffic and system logs for anomalous packets or repeated access attempts that might indicate exploitation attempts, and deploy intrusion detection systems tuned to detect buffer overflow indicators.

Generated by OpenCVE AI on June 1, 2026 at 13:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt6890
Mediatek mt6890 Firmware
Mediatek mt7615
Mediatek mt7615 Firmware
Mediatek mt7915
Mediatek mt7915 Firmware
Mediatek mt7916
Mediatek mt7916 Firmware
Mediatek mt7981
Mediatek mt7981 Firmware
Mediatek mt7986
Mediatek mt7986 Firmware
Mediatek mt7990
Mediatek mt7990 Firmware
Mediatek mt7992
Mediatek mt7992 Firmware
Mediatek mt7993
Mediatek mt7993 Firmware
CPEs cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7992:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7993:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt6890_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7615_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7915_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7916_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7981_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7986_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7990_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7992_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7993_firmware:-:*:*:*:*:*:*:*
Vendors & Products Mediatek
Mediatek mt6890
Mediatek mt6890 Firmware
Mediatek mt7615
Mediatek mt7615 Firmware
Mediatek mt7915
Mediatek mt7915 Firmware
Mediatek mt7916
Mediatek mt7916 Firmware
Mediatek mt7981
Mediatek mt7981 Firmware
Mediatek mt7986
Mediatek mt7986 Firmware
Mediatek mt7990
Mediatek mt7990 Firmware
Mediatek mt7992
Mediatek mt7992 Firmware
Mediatek mt7993
Mediatek mt7993 Firmware

Mon, 01 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Heap Buffer Overflow in MediaTek WLAN AP Driver

Mon, 01 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 05:45:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Heap Buffer Overflow in MediaTek WLAN AP Driver
First Time appeared Mediatek, Inc.
Mediatek, Inc. mediatek Chipset
Vendors & Products Mediatek, Inc.
Mediatek, Inc. mediatek Chipset

Mon, 01 Jun 2026 04:00:00 +0000

Type Values Removed Values Added
Description In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295.
Weaknesses CWE-122
References

Subscriptions

Mediatek Mt6890 Mt6890 Firmware Mt7615 Mt7615 Firmware Mt7915 Mt7915 Firmware Mt7916 Mt7916 Firmware Mt7981 Mt7981 Firmware Mt7986 Mt7986 Firmware Mt7990 Mt7990 Firmware Mt7992 Mt7992 Firmware Mt7993 Mt7993 Firmware
Mediatek, Inc. Mediatek Chipset
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-06-02T03:55:38.204Z

Reserved: 2025-11-03T01:30:59.013Z

Link: CVE-2026-20452

cve-icon Vulnrichment

Updated: 2026-06-01T11:00:54.420Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T04:16:21.753

Modified: 2026-06-01T18:12:11.313

Link: CVE-2026-20452

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T14:00:16Z

Weaknesses
  • CWE-122

    Heap-based Buffer Overflow