Nbiot Sdk
CVE-2026-20419
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR00463309; Issue ID: MSV-4852.
AnalysisAI
An uncaught exception in WLAN AP/STA firmware for NBIoT SDK, OpenWrt, and related development kits enables adjacent network attackers to trigger a denial of service condition that renders the system unresponsive without requiring authentication or user interaction. The vulnerability affects multiple wireless products and has no available patch at this time, presenting a medium-severity risk in networked environments.
Technical ContextAI
Classified as CWE-754 (Improper Check for Unusual or Exceptional Conditions). Affects Nbiot Sdk. In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR00463309; Issue ID: MSV-4852.
RemediationAI
Monitor vendor advisories for a patch.
In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local
In httpclient, there is a possible out of bounds write due to uninitialized data. Rated critical severity (CVSS 9.8), th
Out-of-bounds write in Android WLAN STA driver due to missing bounds check allows local privilege escalation to System w
Nbiot Sdk contains a vulnerability that allows attackers to local escalation of privilege with User execution privileges
The Nbiot SDK's wlan STA driver contains a buffer overflow vulnerability due to missing bounds checking that allows priv
In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of s
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of se
In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local d
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today