Nbiot Sdk
CVE-2026-20436
MEDIUM
Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00473802; Issue ID: MSV-5970.
AnalysisAI
The Nbiot SDK's wlan STA driver contains a buffer overflow vulnerability due to missing bounds checking that allows privilege escalation from System-level access. An attacker with existing System privileges can exploit this flaw without user interaction to gain elevated permissions. No patch is currently available for this vulnerability.
Technical ContextAI
Classified as CWE-120 (Classic Buffer Overflow). Affects Nbiot Sdk. In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00473802; Issue ID: MSV-5970.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.
In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local
In httpclient, there is a possible out of bounds write due to uninitialized data. Rated critical severity (CVSS 9.8), th
Out-of-bounds write in Android WLAN STA driver due to missing bounds check allows local privilege escalation to System w
Nbiot Sdk contains a vulnerability that allows attackers to local escalation of privilege with User execution privileges
An uncaught exception in WLAN AP/STA firmware for NBIoT SDK, OpenWrt, and related development kits enables adjacent netw
In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of s
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of se
In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local d
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today