What is the CVSS score of CVE-2026-20401?

CVE-2026-20401 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Nr15 are affected by CVE-2026-20401?

A HIGH severity vulnerability in modem firmware (CVE-2026-20401) allows attackers to remotely crash devices by impersonating cellular base stations, causing service disruption without requiring user…

How to fix or mitigate CVE-2026-20401?

Within 24 hours: Inventory all devices and assets using affected modem firmware and assess exposure in your organization. Within 7 days: Implement network monitoring to detect rogue base station activity; brief security and operations teams on the threat. Within 30 days: Contact device manufacturers for firmware updates; evaluate device replacement or firmware patching timelines and establish a deployment schedule.

Nr15 CVE-2026-20401

HIGH

Reachable Assertion (CWE-617)

2026-02-02 security@mediatek.com

Denial Of Service Nr15

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:01 vuln.today

CVE Published

Feb 02, 2026 - 09:15 nvd

HIGH 7.5

DescriptionCVE.org

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933.

AnalysisAI

Nr15 modem suffers from an uncaught exception vulnerability that allows remote attackers to trigger a denial of service by connecting a device to a malicious base station. No special privileges or user interaction are required to exploit this network-based flaw. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Set up rogue base station

Delivery

UE connects to attacker-controlled station

Exploit

Send crafted modem message

Execution

Trigger uncaught exception

Impact

System crash and denial of service

Access

Set up rogue base station

Delivery

UE connects to attacker-controlled station

Exploit

Send crafted modem message

Execution

Trigger uncaught exception

Impact

System crash and denial of service

Vulnerability AssessmentAI

Exploitation	User equipment (UE) must connect to attacker-controlled rogue base station. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.5 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker could exploit this vulnerability to remote denial of service, if a UE has connected to a rogue base station controll.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all devices and assets using affected modem firmware and assess exposure in your organization. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-20401 vulnerability details – vuln.today

Back

Nr15 CVE-2026-20401

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code