6.5

CVE-2026-20431

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MediatekMt6813 Firmware Version-
   MediatekMt6813 Version-
MediatekMt6815 Firmware Version-
   MediatekMt6815 Version-
MediatekMt6835 Firmware Version-
   MediatekMt6835 Version-
MediatekMt6878 Firmware Version-
   MediatekMt6878 Version-
MediatekMt6897 Firmware Version-
   MediatekMt6897 Version-
MediatekMt6899 Firmware Version-
   MediatekMt6899 Version-
MediatekMt6986 Firmware Version-
   MediatekMt6986 Version-
MediatekMt6991 Firmware Version-
   MediatekMt6991 Version-
MediatekMt6993 Firmware Version-
   MediatekMt6993 Version-
MediatekMt8668 Firmware Version-
   MediatekMt8668 Version-
MediatekMt8676 Firmware Version-
   MediatekMt8676 Version-
MediatekMt8678 Firmware Version-
   MediatekMt8678 Version-
MediatekMt8755 Firmware Version-
   MediatekMt8755 Version-
MediatekMt8775 Firmware Version-
   MediatekMt8775 Version-
MediatekMt8792 Firmware Version-
   MediatekMt8792 Version-
MediatekMt8793 Firmware Version-
   MediatekMt8793 Version-
MediatekMt8863 Firmware Version-
   MediatekMt8863 Version-
MediatekMt8873 Firmware Version-
   MediatekMt8873 Version-
MediatekMt8883 Firmware Version-
   MediatekMt8883 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.12
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.