Nr15@- Security Vulnerabilities and Issues — Nr15@- CVE List

Lucene search

MediatekNr15-

31 matches found

CVE•added 2022/07/06 2:15 p.m.•108 views

CVE-2022-21744

In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour Cell Data (PNCD) improper neighbouring cell size with no additional execution privileges needed. User interaction is not needed for exp...

10CVSS9.4AI score0.05539EPSS

CVE•added 2022/07/06 2:15 p.m.•90 views

CVE-2022-20083

In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00803883; Issue ID: MOLY0...

10CVSS9.2AI score0.03771EPSS

CVE•added 2024/04/01 3:15 a.m.•76 views

CVE-2024-20039

In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01240012; Issue ID: MSV-1215.

8.8CVSS7.7AI score0.04077EPSS

CVE•added 2024/01/02 3:15 a.m.•75 views

CVE-2023-32890

In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963).

7.5CVSS7.4AI score0.00395EPSS

CVE•added 2025/05/05 3:15 a.m.•74 views

CVE-2025-20666

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ...

7.5CVSS6.7AI score0.0038EPSS

CVE•added 2025/03/03 3:15 a.m.•73 views

CVE-2025-20644

In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Pa...

7.5CVSS6.9AI score0.0032EPSS

CVE•added 2023/10/02 3:15 a.m.•71 views

CVE-2023-20819

In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID: ALPS08010003.

9.8CVSS9.1AI score0.02194EPSS

CVE•added 2025/01/06 4:15 a.m.•70 views

CVE-2024-20150

In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01412526; Issue ID: MSV-2018.

7.5CVSS7.2AI score0.01314EPSS

CVE•added 2024/08/14 3:15 a.m.•68 views

CVE-2024-20082

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529.

9.8CVSS7.6AI score0.01111EPSS

CVE•added 2024/10/07 3:15 a.m.•62 views

CVE-2024-20094

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535.

7.5CVSS7AI score0.00518EPSS

CVE•added 2023/11/06 4:15 a.m.•57 views

CVE-2023-20702

In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID:...

7.5CVSS7.5AI score0.01511EPSS

CVE•added 2023/12/04 4:15 a.m.•56 views

CVE-2023-32841

In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01128524; Issue ID: MOLY011...

7.5CVSS7.4AI score0.01548EPSS

CVE•added 2024/01/02 3:15 a.m.•56 views

CVE-2023-32874

In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893).

9.8CVSS9.2AI score0.03195EPSS

CVE•added 2024/06/03 2:15 a.m.•56 views

CVE-2024-20069

In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue...

6.5CVSS6.4AI score0.00648EPSS

CVE•added 2023/12/04 4:15 a.m.•53 views

CVE-2023-32843

7.5CVSS7.4AI score0.01189EPSS

CVE•added 2022/01/04 4:15 p.m.•52 views

CVE-2021-40148

In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933.

7.5CVSS7AI score0.00202EPSS

CVE•added 2024/01/02 3:15 a.m.•52 views

CVE-2023-32891

In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559.

6.7CVSS6.7AI score0.00015EPSS

CVE•added 2024/02/05 6:15 a.m.•52 views

CVE-2024-20003

In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY0119161...

7.5CVSS7.5AI score0.01908EPSS

CVE•added 2023/12/04 4:15 a.m.•49 views

CVE-2023-32842

7.5CVSS7.4AI score0.04196EPSS

CVE•added 2024/01/02 3:15 a.m.•48 views

CVE-2023-32886

In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807.

7.5CVSS7.4AI score0.01076EPSS

CVE•added 2022/11/08 9:15 p.m.•45 views

CVE-2022-26446

In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883;...

7.5CVSS7.5AI score0.01252EPSS

CVE•added 2023/11/06 4:15 a.m.•45 views

CVE-2023-32840

In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).

8.4CVSS6.6AI score0.0003EPSS

CVE•added 2025/05/05 3:15 a.m.•45 views

CVE-2025-20667

In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploi...

7.5CVSS6.2AI score0.00053EPSS

CVE•added 2024/01/02 3:15 a.m.•43 views

CVE-2023-32887

In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892).

7.5CVSS7.3AI score0.01462EPSS

CVE•added 2024/01/02 3:15 a.m.•43 views

CVE-2023-32888

In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894).

7.5CVSS7.4AI score0.01968EPSS

CVE•added 2024/02/05 6:15 a.m.•42 views

CVE-2024-20004

7.5CVSS7.5AI score0.01908EPSS

CVE•added 2025/06/02 3:15 a.m.•38 views

CVE-2025-20678

In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. P...

7.5CVSS7AI score0.0021EPSS

CVE•added 2023/12/04 4:15 a.m.•36 views

CVE-2023-32845

7.5CVSS7.4AI score0.02168EPSS

CVE•added 2023/12/04 4:15 a.m.•33 views

CVE-2023-32846

7.5CVSS7.4AI score0.04196EPSS

CVE•added 2024/06/03 2:15 a.m.•33 views

CVE-2024-20070

In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is ...

5.1CVSS6.7AI score0.00339EPSS

CVE•added 2023/12/04 4:15 a.m.•32 views

CVE-2023-32844

7.5CVSS7.4AI score0.04196EPSS