ГлавнаяУязвимости → CVE-2026-20433
8.8высокая

CVE-2026-20433

Описание

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.

Затрагиваемое ПО
Mediatek Mt2735 firmwareMediatek Mt2735Mediatek Mt2737 firmwareMediatek Mt2737Mediatek Mt6813 firmwareMediatek Mt6813Mediatek Mt6833 firmwareMediatek Mt6833Mediatek Mt6833p firmwareMediatek Mt6833pMediatek Mt6835 firmwareMediatek Mt6835Mediatek Mt6835t firmwareMediatek Mt6835tMediatek Mt6853 firmwareMediatek Mt6853Mediatek Mt6853t firmwareMediatek Mt6853tMediatek Mt6855 firmwareMediatek Mt6855Mediatek Mt6855t firmwareMediatek Mt6855tMediatek Mt6873 firmwareMediatek Mt6873Mediatek Mt6875 firmware
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://corp.mediatek.com/product-security-bulletin/April-2026