In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01753620; Issue ID: MSV-6100.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0008.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
MediaTek, Inc. MediaTek chipset unaffected
Version Status Constraints
MT2735 affected
MT2737 affected
MT6833 affected
MT6835 affected
MT6853 affected
MT6855 affected
MT6858 affected
MT6873 affected
MT6875 affected
MT6877 affected
MT6878 affected
MT6879 affected
MT6880 affected
MT6883 affected
MT6885 affected
MT6886 affected
MT6889 affected
MT6890 affected
MT6891 affected
MT6893 affected
MT6895 affected
MT6896 affected
MT6897 affected
MT6899 affected
MT6980 affected
MT6983 affected
MT6985 affected
MT6986 affected
MT6989 affected
MT6990 affected
MT6991 affected
MT6993 affected
MT8668 affected
MT8673 affected
MT8675 affected
MT8676 affected
MT8678 affected
MT8755 affected
MT8771 affected
MT8775 affected
MT8791 affected
MT8791T affected
MT8792 affected
MT8793 affected
MT8795T affected
MT8797 affected
MT8798 affected
MT8863 affected
MT8873 affected
MT8883 affected
MT8893 affected

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Mediatek, Inc. Subscribe
Mediatek Chipset Subscribe

Project Subscriptions

Vendors Products
Mediatek, Inc. Subscribe
Mediatek Chipset Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://corp.mediatek.com/product-security-bulletin/May-2026 cve-icon cve-icon
History

Mon, 04 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Modem Crash Leading to Remote Denial of Service on MediaTek Chipsets

Mon, 04 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 04 May 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek, Inc.
Mediatek, Inc. mediatek Chipset
Vendors & Products Mediatek, Inc.
Mediatek, Inc. mediatek Chipset

Mon, 04 May 2026 07:45:00 +0000

Type Values Removed Values Added
Title Modem Crash Leading to Remote Denial of Service on MediaTek Chipsets

Mon, 04 May 2026 06:45:00 +0000

Type Values Removed Values Added
Description In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01753620; Issue ID: MSV-6100.
Weaknesses CWE-617
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-05-04T12:59:48.327Z

Reserved: 2025-11-03T01:30:59.013Z

Link: CVE-2026-20450

cve-icon Vulnrichment

Updated: 2026-05-04T12:59:34.794Z

cve-icon NVD

Status : Received

Published: 2026-05-04T07:15:59.723

Modified: 2026-05-04T14:16:32.553

Link: CVE-2026-20450

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T15:15:03Z

Weaknesses