EUVD-2026-19568CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460.
Analysis
Out-of-bounds write in MediaTek modem firmware enables remote privilege escalation when devices connect to attacker-controlled rogue cellular base stations. The vulnerability affects over 60 MediaTek chipset models widely deployed in smartphones and IoT devices, exploitable by adjacent network attackers without authentication (CVSS:3.1 AV:A/PR:N). …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all devices containing MediaTek chipsets (models susceptible to this CVE) and assess deployment in critical infrastructure or sensitive environments. Within 7 days: Contact MediaTek and device manufacturers for patch availability status and expected timeline; document any devices that cannot be patched. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today