Is Nr17 affected by CVE-2026-20434?

A critical vulnerability in cellular modem firmware allows remote attackers to gain unauthorized system privileges by impersonating legitimate base stations, potentially compromising any mobile device or IoT endpoint connected to affected networks.

CVE-2026-20434

HIGH

2026-03-02 [email protected]

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Mar 02, 2026 - 09:16 nvd

HIGH 7.5

Description

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY00782946; Issue ID: MSV-4135.

Analysis

Privilege escalation in Modem affects Nr17, Lr13, Nr16, Lr12a, and Nr15 devices through an out-of-bounds write vulnerability triggered when connecting to a rogue base station. An attacker controlling a malicious base station can achieve remote code execution and full system compromise without requiring additional privileges or user interaction beyond initial network connection. …

Remediation

Within 24 hours: Inventory all devices with affected modems and assess business criticality. Within 7 days: Disable non-essential cellular connectivity where possible, restrict device usage in untrusted network environments, and establish a vulnerability tracking process for vendor patch availability. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

CVE-2026-20434 vulnerability details – vuln.today

Back

CVE-2026-20434

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-20434

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code