Lucene search
+L
MediatekNr16

57 matches found

CVE
CVE
added 2022/07/06 1:5 p.m.157 views

CVE-2022-21744

CVE-2022-21744 concerns the Modem 2G RR from MediaTek, where a missing bounds check enables an out-of-bounds write in PNCD decoding that can cause remote code execution. Exploitation requires no user interaction and is possible over the network; the issue is cited with Patch ID MOLY00810064 and I...

10CVSS9.4AI score0.03111EPSS
CVE
CVE
added 2022/07/06 1:5 p.m.140 views

CVE-2022-20083

CVE-2022-20083 affects the Modem 2G/3G CC. The issue is an out-of-bounds write caused by a missing bounds check during decoding of a combined FACILITY, enabling remote code execution with network access and no user interaction. Public references in the provided documents point to a patch ID MOLY0...

10CVSS9.2AI score0.02532EPSS
CVE
CVE
added 2025/02/03 3:23 a.m.137 views

CVE-2025-20634

CVE-2025-20634 concerns MediaTek Modem firmware (notably MT8863 NR16/NR17 and related MT2737-based devices) where a missing bounds check enables an out-of-bounds write. The issue allows remote code execution over the network without user interaction, if the device connects to a rogue base station...

9.8CVSS7.3AI score0.00731EPSS
CVE
CVE
added 2024/01/02 2:50 a.m.127 views

CVE-2023-32890

CVE-2023-32890 affects MediaTek Modem EMM. The issue is a crash caused by improper input validation, enabling remote denial of service with no user interaction. Exploitation is possible over the network (per CVSS) and does not require privileges. A patch identified as MOLY01183647 (MSV-963) is pr...

7.5CVSS7.4AI score0.0076EPSS
CVE
CVE
added 2024/04/01 2:34 a.m.126 views

CVE-2024-20039

The CVE-2024-20039 issue concerns MediaTek modem protocol components with a missing bounds check that enables an out-of-bounds write. This can lead to remote code execution with no privileges or user interaction required. Concrete details across connected documents identify the affected area as t...

8.8CVSS7.7AI score0.00878EPSS
CVE
CVE
added 2025/03/03 2:25 a.m.122 views

CVE-2025-20644

CVE-2025-20644 affects MediaTek Modem; memory corruption due to improper error handling could enable remote denial of service when a UE connects to a rogue base station. No user interaction required; exploitation vector is remote over the air with adjacent access. A patch is available: MOLY015256...

6.5CVSS6.9AI score0.0038EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.118 views

CVE-2023-20819

CVE-2023-20819 affects MediaTek’s CDMA PPP protocol component, where a missing bounds check can enable an out-of-bounds write and remote escalation of privilege with no user interaction. A patch is identified as MOLY01068234 (Issue ALPS08010003); exploitation status is not provided in the availab...

9.8CVSS9.1AI score0.00609EPSS
CVE
CVE
added 2024/08/14 3:2 a.m.115 views

CVE-2024-20082

CVE-2024-20082 affects MediaTek’s Modem component, where a missing bounds check can cause memory corruption, enabling remote code execution with no privileges and no user interaction. Impact is described as High/Total in multiple sources; exploitation status is not detailed in the provided docume...

9.8CVSS7.6AI score0.01364EPSS
CVE
CVE
added 2024/06/03 2:4 a.m.114 views

CVE-2024-20066

The CVE-2024-20066 issue affects MediaTek Modem, caused by an incorrect bounds check leading to a possible out-of-bounds write. This enables remote denial of service with no privileges required and no user interaction needed. Remediation is available via patch MOLY01267281 (MSV-1477).

7.5CVSS6.9AI score0.00669EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.109 views

CVE-2023-32841

The CVE-2023-32841 entry affects MediaTek’s 5G Modem. The vulnerability arises from improper error handling in the 5G Modem, which can cause a system crash and remote denial of service when processing malformed RRC messages. Exploitation requires no user interaction and does not need additional e...

7.5CVSS7.4AI score0.01369EPSS
CVE
CVE
added 2023/11/06 3:50 a.m.107 views

CVE-2023-20702

CVE-2023-20702 affects MediaTek 5G NRLC modules. The vulnerability is an invalid memory access in the 5G NRLC processing path caused by insufficient error handling when handling a 1-byte RLC SDU, which could lead to a remote denial of service without user interaction. The issue is discussed in mu...

7.5CVSS7.5AI score0.01082EPSS
CVE
CVE
added 2024/06/03 2:4 a.m.107 views

CVE-2024-20067

CVE-2024-20067 affects the modem component (MediaTek/MOLY stack). The advisory describes an possible out-of-bounds write caused by improper input invalidation in the modem, which could enable a remote denial of service with no required privileges and without user interaction. The issue is documen...

9.8CVSS6.9AI score0.00724EPSS
CVE
CVE
added 2024/06/03 2:4 a.m.103 views

CVE-2024-20068

CVE-2024-20068 affects the Modem component described in multiple sources as an input validation issue that can crash the system and cause remote denial of service without extra privileges or user interaction. Public documents consistently identify Modem as the affected area and note the vulnerabi...

5.9CVSS6.8AI score0.0056EPSS
CVE
CVE
added 2024/01/02 2:49 a.m.101 views

CVE-2023-32874

CVE-2023-32874 is a MediaTek Modem IMS Stack vulnerability. The issue is a possible out-of-bounds write caused by a missing bounds check in the Modem IMS Stack, which the sources state could lead to remote code execution with no additional privileges and no user interaction required. The vulnerab...

9.8CVSS9.2AI score0.01026EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.99 views

CVE-2023-32842

CVE-2023-32842 affects the MediaTek 5G Modem. The vulnerability arises from improper error handling in the 5G Modem’s RRC message processing, leading to a system crash and remote denial of service without requiring user interaction or additional privileges. A patch was issued: MOLY01130256 (MSV-8...

7.5CVSS7.4AI score0.01355EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.99 views

CVE-2023-32843

CVE-2023-32843 affects the 5G Modem: a vulnerability due to improper error handling in processing RRC messages that can cause a system crash and remote denial of service. Exploitation requires no user interaction and no extra privileges. The issue is documented with a patch MOLY01130204 (MSV-849)...

7.5CVSS7.4AI score0.01369EPSS
CVE
CVE
added 2025/01/06 3:17 a.m.85 views

CVE-2024-20150

CVE-2024-20150 affects the Modem component in MediaTek chipsets. A logic error in the Modem can cause a system crash, enabling remote denial of service without privileges and without user interaction. The CVSS v3.1 base score is 7.5 (Network, Privileges Required: None, User Interaction: None, Ava...

7.5CVSS7.2AI score0.00757EPSS
CVE
CVE
added 2025/05/05 2:49 a.m.75 views

CVE-2025-20670

CVE-2025-20670 concerns a vulnerability in a Modem where improper certificate validation enables a permission bypass, potentially causing remote information disclosure if a UE connects to a rogue base station controlled by an attacker. Exploitation requires user interaction and the attacker would...

5.7CVSS6.8AI score0.0027EPSS
CVE
CVE
added 2024/01/02 2:50 a.m.69 views

CVE-2023-32891

CVE-2023-32891 relates to an out-of-bounds write in the bluetooth service caused by improper input validation. Affected component is described as the Bluetooth service (no specific vendor/version in provided text beyond MediaTek-linked sources). The underlying root cause is input validation weakn...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2024/12/02 3:7 a.m.67 views

CVE-2024-20131

CVE-2024-20131 affects the Modem component in MediaTek chipsets. The root cause is an incorrect bounds check that can enable a local escalation of privilege, requiring local access with no user interaction. The vulnerability is described as potentially enabling System execution privileges with hi...

6.7CVSS7.3AI score0.00176EPSS
CVE
CVE
added 2025/01/06 3:17 a.m.66 views

CVE-2024-20149

CVE-2024-20149 affects the Modem component, with an input validation flaw that can cause a remote denial of service (no privileges, no user interaction needed). The vulnerability is associated with a network-based attack vector and a high impact on availability (CVSS 3.1 base score 7.5). Affected...

7.5CVSS7.2AI score0.00723EPSS
CVE
CVE
added 2025/01/06 3:17 a.m.64 views

CVE-2024-20151

The CVE-2024-20151 entry concerns MediaTek’s Modem component where an incorrect bounds check can cause an out-of-bounds write. This vulnerability could enable local escalation of privilege if an attacker already has System privileges, with no user interaction required. A patch is identified as MO...

6.7CVSS7.3AI score0.00166EPSS
CVE
CVE
added 2025/05/05 2:49 a.m.64 views

CVE-2025-20667

CVE-2025-20667 concerns a remote information disclosure in the Modem due to incorrect error handling. The vulnerability allows information disclosure without user interaction if a user equipment (UE) connects to a rogue base station controlled by an attacker, with no additional execution privileg...

7.5CVSS6.2AI score0.00375EPSS
CVE
CVE
added 2025/03/03 2:25 a.m.62 views

CVE-2025-20647

The CVE-2025-20647 entry concerns MediaTek Modem. The documented vulnerability is a missing bounds check that can trigger a system crash, enabling remote denial of service for a UE connected to a rogue base station, with no user interaction required. Affected component is the Modem (MediaTek) and...

6.5CVSS7.3AI score0.00353EPSS
CVE
CVE
added 2022/11/08 12:0 a.m.61 views

CVE-2022-26446

CVE-2022-26446 affects the Modem 4G RRC. The root cause is improper input validation in handling certain SIB12 (CMAS message) input, causing a system crash and remote denial of service. Exploitation is described as possible without additional execution privileges and without user interaction. The...

7.5CVSS7.5AI score0.01051EPSS
CVE
CVE
added 2023/11/06 3:50 a.m.61 views

CVE-2023-32840

Summary: CVE-2023-32840 affects the modem CCCI component. The vulnerability is an out-of-bounds write caused by a missing bounds check, leading to local privilege escalation with System execution privileges required. Exploitation may require user interaction. Patch reference exists (MOLY01138425;...

8.4CVSS6.6AI score0.00183EPSS
CVE
CVE
added 2024/01/02 2:50 a.m.60 views

CVE-2023-32888

Affected software: Modem IMS Call UA. Vulnerability: out-of-bounds write caused by a missing bounds check in the IMS Call UA module. Impact: remote denial of service with no privileges and no user interaction required. Exploitation: no explicit exploit details provided in the documents. Remediati...

7.5CVSS7.4AI score0.00948EPSS
CVE
CVE
added 2024/01/02 2:50 a.m.59 views

CVE-2023-32886

Summary (CVE-2023-32886) In the Modem IMS SMS UA component, there is an out-of-bounds write caused by a missing bounds check. This can lead to remote denial of service with no extra execution privileges and no user interaction required. Public references consistently describe the issue as impacti...

7.5CVSS7.4AI score0.00842EPSS
CVE
CVE
added 2024/01/02 2:50 a.m.57 views

CVE-2023-32887

In Modem IMS Stack, a missing bounds check can cause a system crash leading to remote denial of service with no authentication or user interaction required. Affected: Modem IMS Stack (vendor/product not explicitly named in the document set). Root cause: out-of-bounds condition in the modular stac...

7.5CVSS7.3AI score0.00948EPSS
CVE
CVE
added 2025/06/02 2:29 a.m.56 views

CVE-2025-20678

The CVE-2025-20678 entry affects MediaTek IMS service. The vulnerability arises from incorrect error handling in the ims service, enabling remote denial of service when a UE connects to a rogue base station; exploitation requires no user interaction and no privileges. Reported impact is a system ...

6.5CVSS7AI score0.00325EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.52 views

CVE-2023-32845

CVE-2023-32845 concerns the 5G Modem and a vulnerability due to improper error handling that can cause a remote system crash leading to a denial of service when the modem processes malformed RRC messages. The issue does not require user interaction and can be exploited remotely (attack vector: ne...

7.5CVSS7.4AI score0.01369EPSS
CVE
CVE
added 2024/12/02 3:7 a.m.51 views

CVE-2024-20133

CVE-2024-20133 describes a local privilege escalation in the Modem due to an incorrect bounds check. Exploitation requires SYSTEM privileges and does not require user interaction. A patched release is identified by Patch ID MOLY01395886 (MSV-1871). Affected scope is not fully enumerated in the pr...

6.7CVSS7.3AI score0.00176EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.50 views

CVE-2023-32844

The CVE-2023-32844 entry affects the 5G Modem, where improper error handling can cause a system crash leading to remote denial of service when processing malformed RRC messages. Exploitation requires no privileges and no user interaction. The vulnerability is mitigated by the patch MOLY01128524 (...

7.5CVSS7.4AI score0.01355EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.50 views

CVE-2023-32846

The CVE-2023-32846 issue affects the MediaTek 5G Modem and is caused by improper error handling in the RRC message processing. This can crash the system and enable remote denial of service without extra privileges or user interaction. A patch is indicated: MOLY01128524 (MSV-861). Affected behavio...

7.5CVSS7.4AI score0.01355EPSS
CVE
CVE
added 2024/12/02 3:7 a.m.48 views

CVE-2024-20132

The CVE-2024-20132 vulnerability affects the Modem and is caused by an out-of-bounds write stemming from a missing/incorrect bounds check, enabling local privilege escalation with no user interaction required. Reported impact is high for confidentiality, integrity, and availability; exploitation ...

6.7CVSS7.4AI score0.00176EPSS
CVE
CVE
added 2024/06/03 2:4 a.m.45 views

CVE-2024-20070

CVE-2024-20070 affects the modem component. The root cause is the use of a risky cryptographic algorithm during the connection establishment negotiation, which may cause information disclosure to an attacker who can observe weak encryption. The issue does not require additional privileges and doe...

5.1CVSS6.7AI score0.00101EPSS
CVE
CVE
added 2026/02/02 8:14 a.m.42 views

CVE-2026-20422

CVE-2026-20422 : In Modem, improper input validation can cause a remote denial of service when a UE connects to a rogue base station. Exploitation requires no user interaction and can occur with adjacent network access. The issue is associated with Patch MOLY00827332 and Issue MSV-5919. MITRE/ATT...

6.5CVSS5.7AI score0.00216EPSS
CVE
CVE
added 2025/09/01 5:12 a.m.35 views

CVE-2025-20708

The CVE-2025-20708 entry concerns MediaTek’s Modem (MOLY) with an out-of-bounds write caused by an incorrect bounds check. According to the sources, this could enable remote escalation of privilege when a user equipment (UE) connects to a rogue base station, with no extra execution privileges or ...

8.8CVSS6.5AI score0.00321EPSS
CVE
CVE
added 2025/12/02 2:34 a.m.30 views

CVE-2025-20759

In MediaTek Modem CVE-2025-20759, the issue is a missing bounds check causing an out-of-bounds read in the Modem component. This can enable remote denial of service when a user equipment (UE) connects to a rogue base station without requiring user interaction and with no additional privileges. Pu...

6.5CVSS6.3AI score0.00415EPSS
CVE
CVE
added 2026/01/06 1:46 a.m.30 views

CVE-2025-20761

CVE-2025-20761 affects the Modem component, where a fault in error handling can cause a system crash leading to remote denial of service if a UE connects to a rogue base station. Exploitation requires no user interaction and does not need additional privileges; the issue is addressed via patch MO...

6.5CVSS6.5AI score0.00234EPSS
CVE
CVE
added 2025/09/01 5:12 a.m.28 views

CVE-2025-20703

Summary: CVE-2025-20703 affects the Modem component, where an incorrect bounds check enables an out-of-bounds read. This can cause a remote denial of service if a UA connects to a rogue base station, with no user interaction or privileges required. Impact (as stated): remote DoS; availability imp...

6.5CVSS6.2AI score0.00283EPSS
CVE
CVE
added 2026/01/06 1:46 a.m.27 views

CVE-2025-20794

CVE-2025-20794 affects Modem with a vulnerability in input validation that can cause a system crash, leading to remote denial of service when a UE connects to a rogue base station. Exploitation is possible without user interaction and requires adjacent access; no privileges or interaction needed....

6.5CVSS6.5AI score0.00248EPSS
CVE
CVE
added 2026/03/02 8:39 a.m.27 views

CVE-2026-20434

CVE-2026-20434 affects the Modem component, where an out-of-bounds write due to a missing bounds check could allow remote escalation of privileges if a UE connects to a rogue base station. Exploitation requires no extra execution privileges but does require user interaction. Public disclosures in...

7.5CVSS6.1AI score0.00219EPSS
CVE
CVE
added 2026/02/02 8:14 a.m.26 views

CVE-2026-20405

CVE-2026-20405 affects the Modem component where a missing bounds check can trigger a remote denial of service when a UE connects to a rogue base station controlled by an attacker. Exploitation requires no user interaction and no additional privileges. Reported patch: MOLY01688495 (MSV-4818). Rel...

6.5CVSS5.7AI score0.00216EPSS
CVE
CVE
added 2025/11/04 6:19 a.m.23 views

CVE-2025-20727

CVE-2025-20727 affects MediaTek MoLY modem software, describing a heap-buffer overflow that enables out-of-bounds writes and remote escalation of privilege when a UE connects to a rogue base station. The vulnerability arises from an out-of-bounds write in the Modem component, with no user interac...

8.1CVSS7AI score0.00513EPSS
CVE
CVE
added 2025/11/04 6:19 a.m.20 views

CVE-2025-20725

CVE-2025-20725 affects MediaTek IMS service with an out-of-bounds write due to a missing bounds check. The issue enables remote escalation of privilege when a user equipment connects to a rogue base station; exploitation does not require user interaction. Patch MOLY01671924 (MSV-4620) is referenc...

7.5CVSS6.5AI score0.00495EPSS
CVE
CVE
added 2026/02/02 8:14 a.m.20 views

CVE-2026-20404

CVE-2026-20404 is a Modem vulnerability where improper input validation can cause a system crash, enabling remote denial of service when a UE connects to a rogue base station. No user interaction is required; exploitability is adjacent vector with low attack complexity and no privileges. A patch ...

6.5CVSS5.7AI score0.00457EPSS
CVE
CVE
added 2025/12/02 2:34 a.m.19 views

CVE-2025-20758

CVE-2025-20758 : In MediaTek Modem components, an uncaught exception can cause a system crash, enabling remote DoS when a UE connects to a rogue base station. Exploitation requires no user interaction and can occur over the network. The issue is documented in multiple sources (e.g., Red Hat RH:CV...

4.9CVSS6.5AI score0.0044EPSS
CVE
CVE
added 2025/12/02 2:34 a.m.18 views

CVE-2025-20752

CVE-2025-20752 concerns MediaTek MediaTek Modem vulnerability: a missing bounds check can cause a system crash and remote denial of service when a UE connects to a rogue base station. No user interaction required; exploit assumed over the network with low privileges. Patch MOLY01270690 (MSV-4301)...

6.5CVSS6.3AI score0.00226EPSS
CVE
CVE
added 2026/02/02 8:14 a.m.18 views

CVE-2026-20403

CVE-2026-20403 concerns the Modem component, where a missing bounds check can cause a system crash leading to remote denial of service. Exploitation is possible if a user equipment (UE) connects to a rogue base station controlled by an attacker, with no additional execution privileges and no user...

6.5CVSS5.7AI score0.00216EPSS
Total number of security vulnerabilities57