Lucene search
+L
MediatekNr17

48 matches found

CVE
CVE
added 2025/02/03 3:23 a.m.137 views

CVE-2025-20634

CVE-2025-20634 concerns MediaTek Modem firmware (notably MT8863 NR16/NR17 and related MT2737-based devices) where a missing bounds check enables an out-of-bounds write. The issue allows remote code execution over the network without user interaction, if the device connects to a rogue base station...

9.8CVSS7.3AI score0.00731EPSS
CVE
CVE
added 2024/01/02 2:50 a.m.127 views

CVE-2023-32890

CVE-2023-32890 affects MediaTek Modem EMM. The issue is a crash caused by improper input validation, enabling remote denial of service with no user interaction. Exploitation is possible over the network (per CVSS) and does not require privileges. A patch identified as MOLY01183647 (MSV-963) is pr...

7.5CVSS7.4AI score0.0076EPSS
CVE
CVE
added 2024/04/01 2:34 a.m.126 views

CVE-2024-20039

The CVE-2024-20039 issue concerns MediaTek modem protocol components with a missing bounds check that enables an out-of-bounds write. This can lead to remote code execution with no privileges or user interaction required. Concrete details across connected documents identify the affected area as t...

8.8CVSS7.7AI score0.00878EPSS
CVE
CVE
added 2023/10/02 2:5 a.m.118 views

CVE-2023-20819

CVE-2023-20819 affects MediaTek’s CDMA PPP protocol component, where a missing bounds check can enable an out-of-bounds write and remote escalation of privilege with no user interaction. A patch is identified as MOLY01068234 (Issue ALPS08010003); exploitation status is not provided in the availab...

9.8CVSS9.1AI score0.00609EPSS
CVE
CVE
added 2024/08/14 3:2 a.m.115 views

CVE-2024-20082

CVE-2024-20082 affects MediaTek’s Modem component, where a missing bounds check can cause memory corruption, enabling remote code execution with no privileges and no user interaction. Impact is described as High/Total in multiple sources; exploitation status is not detailed in the provided docume...

9.8CVSS7.6AI score0.01364EPSS
CVE
CVE
added 2024/06/03 2:4 a.m.114 views

CVE-2024-20066

The CVE-2024-20066 issue affects MediaTek Modem, caused by an incorrect bounds check leading to a possible out-of-bounds write. This enables remote denial of service with no privileges required and no user interaction needed. Remediation is available via patch MOLY01267281 (MSV-1477).

7.5CVSS6.9AI score0.00669EPSS
CVE
CVE
added 2023/12/04 3:45 a.m.109 views

CVE-2023-32841

The CVE-2023-32841 entry affects MediaTek’s 5G Modem. The vulnerability arises from improper error handling in the 5G Modem, which can cause a system crash and remote denial of service when processing malformed RRC messages. Exploitation requires no user interaction and does not need additional e...

7.5CVSS7.4AI score0.01369EPSS
CVE
CVE
added 2023/11/06 3:50 a.m.107 views

CVE-2023-20702

CVE-2023-20702 affects MediaTek 5G NRLC modules. The vulnerability is an invalid memory access in the 5G NRLC processing path caused by insufficient error handling when handling a 1-byte RLC SDU, which could lead to a remote denial of service without user interaction. The issue is discussed in mu...

7.5CVSS7.5AI score0.01082EPSS
CVE
CVE
added 2024/06/03 2:4 a.m.107 views

CVE-2024-20067

CVE-2024-20067 affects the modem component (MediaTek/MOLY stack). The advisory describes an possible out-of-bounds write caused by improper input invalidation in the modem, which could enable a remote denial of service with no required privileges and without user interaction. The issue is documen...

9.8CVSS6.9AI score0.00724EPSS
CVE
CVE
added 2024/06/03 2:4 a.m.103 views

CVE-2024-20068

CVE-2024-20068 affects the Modem component described in multiple sources as an input validation issue that can crash the system and cause remote denial of service without extra privileges or user interaction. Public documents consistently identify Modem as the affected area and note the vulnerabi...

5.9CVSS6.8AI score0.0056EPSS
CVE
CVE
added 2024/01/02 2:49 a.m.101 views

CVE-2023-32874

CVE-2023-32874 is a MediaTek Modem IMS Stack vulnerability. The issue is a possible out-of-bounds write caused by a missing bounds check in the Modem IMS Stack, which the sources state could lead to remote code execution with no additional privileges and no user interaction required. The vulnerab...

9.8CVSS9.2AI score0.01026EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.99 views

CVE-2023-32842

CVE-2023-32842 affects the MediaTek 5G Modem. The vulnerability arises from improper error handling in the 5G Modem’s RRC message processing, leading to a system crash and remote denial of service without requiring user interaction or additional privileges. A patch was issued: MOLY01130256 (MSV-8...

7.5CVSS7.4AI score0.01355EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.99 views

CVE-2023-32843

CVE-2023-32843 affects the 5G Modem: a vulnerability due to improper error handling in processing RRC messages that can cause a system crash and remote denial of service. Exploitation requires no user interaction and no extra privileges. The issue is documented with a patch MOLY01130204 (MSV-849)...

7.5CVSS7.4AI score0.01369EPSS
CVE
CVE
added 2025/01/06 3:17 a.m.85 views

CVE-2024-20150

CVE-2024-20150 affects the Modem component in MediaTek chipsets. A logic error in the Modem can cause a system crash, enabling remote denial of service without privileges and without user interaction. The CVSS v3.1 base score is 7.5 (Network, Privileges Required: None, User Interaction: None, Ava...

7.5CVSS7.2AI score0.00757EPSS
CVE
CVE
added 2025/05/05 2:49 a.m.75 views

CVE-2025-20670

CVE-2025-20670 concerns a vulnerability in a Modem where improper certificate validation enables a permission bypass, potentially causing remote information disclosure if a UE connects to a rogue base station controlled by an attacker. Exploitation requires user interaction and the attacker would...

5.7CVSS6.8AI score0.0027EPSS
CVE
CVE
added 2024/01/02 2:50 a.m.69 views

CVE-2023-32891

CVE-2023-32891 relates to an out-of-bounds write in the bluetooth service caused by improper input validation. Affected component is described as the Bluetooth service (no specific vendor/version in provided text beyond MediaTek-linked sources). The underlying root cause is input validation weakn...

6.7CVSS6.7AI score0.00093EPSS
CVE
CVE
added 2024/12/02 3:7 a.m.67 views

CVE-2024-20131

CVE-2024-20131 affects the Modem component in MediaTek chipsets. The root cause is an incorrect bounds check that can enable a local escalation of privilege, requiring local access with no user interaction. The vulnerability is described as potentially enabling System execution privileges with hi...

6.7CVSS7.3AI score0.00176EPSS
CVE
CVE
added 2025/01/06 3:17 a.m.64 views

CVE-2024-20151

The CVE-2024-20151 entry concerns MediaTek’s Modem component where an incorrect bounds check can cause an out-of-bounds write. This vulnerability could enable local escalation of privilege if an attacker already has System privileges, with no user interaction required. A patch is identified as MO...

6.7CVSS7.3AI score0.00166EPSS
CVE
CVE
added 2025/05/05 2:49 a.m.64 views

CVE-2025-20667

CVE-2025-20667 concerns a remote information disclosure in the Modem due to incorrect error handling. The vulnerability allows information disclosure without user interaction if a user equipment (UE) connects to a rogue base station controlled by an attacker, with no additional execution privileg...

7.5CVSS6.2AI score0.00375EPSS
CVE
CVE
added 2023/11/06 3:50 a.m.61 views

CVE-2023-32840

Summary: CVE-2023-32840 affects the modem CCCI component. The vulnerability is an out-of-bounds write caused by a missing bounds check, leading to local privilege escalation with System execution privileges required. Exploitation may require user interaction. Patch reference exists (MOLY01138425;...

8.4CVSS6.6AI score0.00183EPSS
CVE
CVE
added 2024/01/02 2:50 a.m.60 views

CVE-2023-32888

Affected software: Modem IMS Call UA. Vulnerability: out-of-bounds write caused by a missing bounds check in the IMS Call UA module. Impact: remote denial of service with no privileges and no user interaction required. Exploitation: no explicit exploit details provided in the documents. Remediati...

7.5CVSS7.4AI score0.00948EPSS
CVE
CVE
added 2024/01/02 2:50 a.m.59 views

CVE-2023-32886

Summary (CVE-2023-32886) In the Modem IMS SMS UA component, there is an out-of-bounds write caused by a missing bounds check. This can lead to remote denial of service with no extra execution privileges and no user interaction required. Public references consistently describe the issue as impacti...

7.5CVSS7.4AI score0.00842EPSS
CVE
CVE
added 2024/01/02 2:50 a.m.57 views

CVE-2023-32887

In Modem IMS Stack, a missing bounds check can cause a system crash leading to remote denial of service with no authentication or user interaction required. Affected: Modem IMS Stack (vendor/product not explicitly named in the document set). Root cause: out-of-bounds condition in the modular stac...

7.5CVSS7.3AI score0.00948EPSS
CVE
CVE
added 2025/06/02 2:29 a.m.56 views

CVE-2025-20678

The CVE-2025-20678 entry affects MediaTek IMS service. The vulnerability arises from incorrect error handling in the ims service, enabling remote denial of service when a UE connects to a rogue base station; exploitation requires no user interaction and no privileges. Reported impact is a system ...

6.5CVSS7AI score0.00325EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.52 views

CVE-2023-32845

CVE-2023-32845 concerns the 5G Modem and a vulnerability due to improper error handling that can cause a remote system crash leading to a denial of service when the modem processes malformed RRC messages. The issue does not require user interaction and can be exploited remotely (attack vector: ne...

7.5CVSS7.4AI score0.01369EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.50 views

CVE-2023-32844

The CVE-2023-32844 entry affects the 5G Modem, where improper error handling can cause a system crash leading to remote denial of service when processing malformed RRC messages. Exploitation requires no privileges and no user interaction. The vulnerability is mitigated by the patch MOLY01128524 (...

7.5CVSS7.4AI score0.01355EPSS
CVE
CVE
added 2023/12/04 3:46 a.m.50 views

CVE-2023-32846

The CVE-2023-32846 issue affects the MediaTek 5G Modem and is caused by improper error handling in the RRC message processing. This can crash the system and enable remote denial of service without extra privileges or user interaction. A patch is indicated: MOLY01128524 (MSV-861). Affected behavio...

7.5CVSS7.4AI score0.01355EPSS
CVE
CVE
added 2024/06/03 2:4 a.m.45 views

CVE-2024-20070

CVE-2024-20070 affects the modem component. The root cause is the use of a risky cryptographic algorithm during the connection establishment negotiation, which may cause information disclosure to an attacker who can observe weak encryption. The issue does not require additional privileges and doe...

5.1CVSS6.7AI score0.00101EPSS
CVE
CVE
added 2026/02/02 8:14 a.m.42 views

CVE-2026-20422

CVE-2026-20422 : In Modem, improper input validation can cause a remote denial of service when a UE connects to a rogue base station. Exploitation requires no user interaction and can occur with adjacent network access. The issue is associated with Patch MOLY00827332 and Issue MSV-5919. MITRE/ATT...

6.5CVSS5.7AI score0.00216EPSS
CVE
CVE
added 2025/09/01 5:12 a.m.35 views

CVE-2025-20708

The CVE-2025-20708 entry concerns MediaTek’s Modem (MOLY) with an out-of-bounds write caused by an incorrect bounds check. According to the sources, this could enable remote escalation of privilege when a user equipment (UE) connects to a rogue base station, with no extra execution privileges or ...

8.8CVSS6.5AI score0.00321EPSS
CVE
CVE
added 2026/01/06 1:46 a.m.30 views

CVE-2025-20761

CVE-2025-20761 affects the Modem component, where a fault in error handling can cause a system crash leading to remote denial of service if a UE connects to a rogue base station. Exploitation requires no user interaction and does not need additional privileges; the issue is addressed via patch MO...

6.5CVSS6.5AI score0.00234EPSS
CVE
CVE
added 2025/09/01 5:12 a.m.28 views

CVE-2025-20703

Summary: CVE-2025-20703 affects the Modem component, where an incorrect bounds check enables an out-of-bounds read. This can cause a remote denial of service if a UA connects to a rogue base station, with no user interaction or privileges required. Impact (as stated): remote DoS; availability imp...

6.5CVSS6.2AI score0.00283EPSS
CVE
CVE
added 2025/09/01 5:12 a.m.28 views

CVE-2025-20704

CVE-2025-20704 affects MediaTek’s Modem component. The issue is an out-of-bounds write caused by a missing bounds check in the Modem stack, enabling remote escalation of privilege when a user equipment (UE) connects to a rogue base station controlled by an attacker. Exploitation is reported to re...

8CVSS6.4AI score0.00285EPSS
CVE
CVE
added 2026/01/06 1:46 a.m.27 views

CVE-2025-20794

CVE-2025-20794 affects Modem with a vulnerability in input validation that can cause a system crash, leading to remote denial of service when a UE connects to a rogue base station. Exploitation is possible without user interaction and requires adjacent access; no privileges or interaction needed....

6.5CVSS6.5AI score0.00248EPSS
CVE
CVE
added 2026/03/02 8:39 a.m.27 views

CVE-2026-20434

CVE-2026-20434 affects the Modem component, where an out-of-bounds write due to a missing bounds check could allow remote escalation of privileges if a UE connects to a rogue base station. Exploitation requires no extra execution privileges but does require user interaction. Public disclosures in...

7.5CVSS6.1AI score0.00219EPSS
CVE
CVE
added 2026/02/02 8:14 a.m.26 views

CVE-2026-20405

CVE-2026-20405 affects the Modem component where a missing bounds check can trigger a remote denial of service when a UE connects to a rogue base station controlled by an attacker. Exploitation requires no user interaction and no additional privileges. Reported patch: MOLY01688495 (MSV-4818). Rel...

6.5CVSS5.7AI score0.00216EPSS
CVE
CVE
added 2025/11/04 6:19 a.m.23 views

CVE-2025-20727

CVE-2025-20727 affects MediaTek MoLY modem software, describing a heap-buffer overflow that enables out-of-bounds writes and remote escalation of privilege when a UE connects to a rogue base station. The vulnerability arises from an out-of-bounds write in the Modem component, with no user interac...

8.1CVSS7AI score0.00513EPSS
CVE
CVE
added 2026/02/02 8:14 a.m.20 views

CVE-2026-20404

CVE-2026-20404 is a Modem vulnerability where improper input validation can cause a system crash, enabling remote denial of service when a UE connects to a rogue base station. No user interaction is required; exploitability is adjacent vector with low attack complexity and no privileges. A patch ...

6.5CVSS5.7AI score0.00457EPSS
CVE
CVE
added 2025/12/02 2:34 a.m.19 views

CVE-2025-20758

CVE-2025-20758 : In MediaTek Modem components, an uncaught exception can cause a system crash, enabling remote DoS when a UE connects to a rogue base station. Exploitation requires no user interaction and can occur over the network. The issue is documented in multiple sources (e.g., Red Hat RH:CV...

4.9CVSS6.5AI score0.0044EPSS
CVE
CVE
added 2026/01/06 1:46 a.m.19 views

CVE-2025-20762

CVE-2025-20762 affects MediaTek Modem with a vulnerability in error handling that can cause a system crash and remote denial of service when a UE connects to a rogue base station. Exploitation requires no user interaction and no additional privileges. The advisory lists Patch ID MOLY01685181 and ...

6.5CVSS6.5AI score0.00257EPSS
CVE
CVE
added 2025/12/02 2:34 a.m.18 views

CVE-2025-20752

CVE-2025-20752 concerns MediaTek MediaTek Modem vulnerability: a missing bounds check can cause a system crash and remote denial of service when a UE connects to a rogue base station. No user interaction required; exploit assumed over the network with low privileges. Patch MOLY01270690 (MSV-4301)...

6.5CVSS6.3AI score0.00226EPSS
CVE
CVE
added 2026/02/02 8:14 a.m.18 views

CVE-2026-20403

CVE-2026-20403 concerns the Modem component, where a missing bounds check can cause a system crash leading to remote denial of service. Exploitation is possible if a user equipment (UE) connects to a rogue base station controlled by an attacker, with no additional execution privileges and no user...

6.5CVSS5.7AI score0.00216EPSS
CVE
CVE
added 2026/02/02 8:14 a.m.18 views

CVE-2026-20406

CVE-2026-20406 affects the Modem component and is described as a possible system crash caused by an uncaught exception that can lead to remote denial of service when a UE connects to a rogue base station; no user interaction required. Exploitation context is adjacent network access (no privileges...

6.5CVSS5.7AI score0.00213EPSS
CVE
CVE
added 2025/12/02 2:34 a.m.17 views

CVE-2025-20754

CVE-2025-20754 affects MediaTek’s Modem component. The issue is an incorrect bounds check that can cause a system crash, leading to remote denial of service when a UE connects to a rogue base station. Exploitation requires no user interaction and is possible remotely via a network path. The vulne...

5.3CVSS6.5AI score0.00428EPSS
CVE
CVE
added 2026/02/02 8:14 a.m.17 views

CVE-2026-20420

CVE-2026-20420 affects the Modem component where a flaw in error handling can cause a system crash, enabling remote denial of service when a UE connects to a rogue base station. Exploitation requires no user interaction and no additional privileges. A patch is listed as MOLY01738313 (MSV-5935). C...

6.5CVSS5.7AI score0.00216EPSS
CVE
CVE
added 2025/11/04 6:19 a.m.15 views

CVE-2025-20726

CVE-2025-20726 affects MediaTek’s Modem, where an incorrect bounds check enables an out-of-bounds write. This could permit remote escalation of privilege if a user equipment (UE) connects to a rogue base station; exploitation requires no user interaction. A patch is available as MOLY01672598 (MSV...

7.5CVSS6.7AI score0.00468EPSS
CVE
CVE
added 2026/01/06 1:46 a.m.14 views

CVE-2025-20760

CVE-2025-20760 concerns a vulnerability in Modem where an uncaught exception allows reading uninitialized heap data, enabling remote denial of service when a UE connects to a rogue base station. Exploitation requires no user interaction, and no privileges beyond network access are needed (attack ...

6.5CVSS6.4AI score0.00257EPSS
CVE
CVE
added 2026/01/06 1:46 a.m.14 views

CVE-2025-20793

CVE-2025-20793 affects the Modem component where a flaw in error handling when a UE connects to a rogue base station can cause a remote denial of service without user interaction. Multiple sources (including Red Hat, NVD, CVE listings, and PT Security) describe the issue consistently, noting the ...

6.5CVSS6.5AI score0.00253EPSS