Nbiot Sdk
CVE-2026-20407
CRITICAL
Severity by source
AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00464377; Issue ID: MSV-4905.
AnalysisAI
Out-of-bounds write in Android WLAN STA driver due to missing bounds check allows local privilege escalation to System with user interaction.
Technical ContextAI
CWE-787 OOB write in WLAN STA (station) driver. Missing bounds check on wireless driver data.
RemediationAI
Apply Android security update.
In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local
In httpclient, there is a possible out of bounds write due to uninitialized data. Rated critical severity (CVSS 9.8), th
Nbiot Sdk contains a vulnerability that allows attackers to local escalation of privilege with User execution privileges
The Nbiot SDK's wlan STA driver contains a buffer overflow vulnerability due to missing bounds checking that allows priv
An uncaught exception in WLAN AP/STA firmware for NBIoT SDK, OpenWrt, and related development kits enables adjacent netw
In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of s
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of se
In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local d
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today