17 matches found
CVE-2024-20154
MediaTek Modem vulnerability CVE-2024-20154 arises from an out-of-bounds write due to a missing bounds check in the Modem component. This can lead to remote code execution when a UE connects to a rogue base station, with no additional execution privileges required and no user interaction. Affecte...
CVE-2022-21744
CVE-2022-21744 concerns the Modem 2G RR from MediaTek, where a missing bounds check enables an out-of-bounds write in PNCD decoding that can cause remote code execution. Exploitation requires no user interaction and is possible over the network; the issue is cited with Patch ID MOLY00810064 and I...
CVE-2022-20083
CVE-2022-20083 affects the Modem 2G/3G CC. The issue is an out-of-bounds write caused by a missing bounds check during decoding of a combined FACILITY, enabling remote code execution with network access and no user interaction. Public references in the provided documents point to a patch ID MOLY0...
CVE-2024-20039
The CVE-2024-20039 issue concerns MediaTek modem protocol components with a missing bounds check that enables an out-of-bounds write. This can lead to remote code execution with no privileges or user interaction required. Concrete details across connected documents identify the affected area as t...
CVE-2023-20819
CVE-2023-20819 affects MediaTek’s CDMA PPP protocol component, where a missing bounds check can enable an out-of-bounds write and remote escalation of privilege with no user interaction. A patch is identified as MOLY01068234 (Issue ALPS08010003); exploitation status is not provided in the availab...
CVE-2024-20077
CVE-2024-20077 affects MediaTek Modem. The issue is due to incorrect error handling in the Modem, which can cause a remote system crash and denial of service without requiring privileges or user interaction. Exploitation would use a network vector (AV:N, AC:L, PR:N, UI:N) and could impact availab...
CVE-2024-20076
CVE-2024-20076 concerns MediaTek Modem vulnerability where incorrect error handling can crash the system, enabling remote DoS with no privileges or user interaction. Affected component: Modem in MediaTek firmware; root cause described as error handling flaw. Severity/impact as reported: remote, u...
CVE-2021-40148
CVE-2021-40148 affects Modem EMM in Google Android devices. Root cause: missing data encryption in the modem EMM leads to information disclosure without privileges or user interaction. Impact: remote information disclosure. Remediation: patch MOLY00716585 (Issue ALPS05886933) has been released. E...
CVE-2024-20150
CVE-2024-20150 affects the Modem component in MediaTek chipsets. A logic error in the Modem can cause a system crash, enabling remote denial of service without privileges and without user interaction. The CVSS v3.1 base score is 7.5 (Network, Privileges Required: None, User Interaction: None, Ava...
CVE-2025-20667
CVE-2025-20667 concerns a remote information disclosure in the Modem due to incorrect error handling. The vulnerability allows information disclosure without user interaction if a user equipment (UE) connects to a rogue base station controlled by an attacker, with no additional execution privileg...
CVE-2022-26446
CVE-2022-26446 affects the Modem 4G RRC. The root cause is improper input validation in handling certain SIB12 (CMAS message) input, causing a system crash and remote denial of service. Exploitation is described as possible without additional execution privileges and without user interaction. The...
CVE-2023-32840
Summary: CVE-2023-32840 affects the modem CCCI component. The vulnerability is an out-of-bounds write caused by a missing bounds check, leading to local privilege escalation with System execution privileges required. Exploitation may require user interaction. Patch reference exists (MOLY01138425;...
CVE-2025-20678
The CVE-2025-20678 entry affects MediaTek IMS service. The vulnerability arises from incorrect error handling in the ims service, enabling remote denial of service when a UE connects to a rogue base station; exploitation requires no user interaction and no privileges. Reported impact is a system ...
CVE-2026-20434
CVE-2026-20434 affects the Modem component, where an out-of-bounds write due to a missing bounds check could allow remote escalation of privileges if a UE connects to a rogue base station. Exploitation requires no extra execution privileges but does require user interaction. Public disclosures in...
CVE-2025-20727
CVE-2025-20727 affects MediaTek MoLY modem software, describing a heap-buffer overflow that enables out-of-bounds writes and remote escalation of privilege when a UE connects to a rogue base station. The vulnerability arises from an out-of-bounds write in the Modem component, with no user interac...
CVE-2025-20725
CVE-2025-20725 affects MediaTek IMS service with an out-of-bounds write due to a missing bounds check. The issue enables remote escalation of privilege when a user equipment connects to a rogue base station; exploitation does not require user interaction. Patch MOLY01671924 (MSV-4620) is referenc...
CVE-2025-20726
CVE-2025-20726 affects MediaTek’s Modem, where an incorrect bounds check enables an out-of-bounds write. This could permit remote escalation of privilege if a user equipment (UE) connects to a rogue base station; exploitation requires no user interaction. A patch is available as MOLY01672598 (MSV...