Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Local-only vector (AV:L) with high privilege prerequisite (PR:H) matches the System-level access requirement; full C/I/A impact reflects post-escalation control.
Primary rating from Vendor (MediaTek).
CVSS VectorVendor: MediaTek
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309.
AnalysisAI
Local privilege escalation in the Modem component across 80+ MediaTek chipsets allows an attacker already holding System-level access to bypass permission enforcement (CWE-280) and escalate further within the device. The vulnerability is confirmed by MediaTek in their July 2026 Product Security Bulletin (Patch ID: MOLY01716533, Issue ID: MSV-6309) and affects a broad swath of chipsets spanning low-end to flagship tiers. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to have already obtained System-level privilege on the target Android device running an affected MediaTek chipset - this is explicitly stated in the CVE description and confirmed by the PR:H metric in the CVSS vector (AV:L/AC:L/PR:H/UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) accurately characterizes the key limiting factor: an attacker must already possess System-level privilege on the target device before this vulnerability is exploitable. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has already gained System-level code execution on a MediaTek-based Android device - for example, by chaining an application-layer vulnerability with a kernel privilege escalation - targets the Modem component using this permissions bypass to escalate beyond System to a higher-privileged context such as the baseband or trusted execution environment. No user interaction is required once System access is established. … |
| Remediation | MediaTek has released a patch identified as Patch ID MOLY01716533, disclosed in the July 2026 MediaTek Product Security Bulletin at https://corp.mediatek.com/product-security-bulletin/July-2026. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Mediatek Chipset
View allOut-of-bounds write in MediaTek modem firmware enables remote privilege escalation when devices connect to attacker-cont
Out-of-bounds write in MediaTek modem chipset implementations allows remote privilege escalation when user equipment con
Heap buffer overflow in the MediaTek WLAN access point driver allows adjacent-network attackers with low-privilege user
Local privilege escalation in MediaTek GenieZone (trusted execution environment) allows an attacker who has already gain
Remote privilege escalation in the baseband modem firmware of dozens of MediaTek chipsets allows an attacker operating a
Heap buffer overflow in the Telephony subsystem of MediaTek chipsets enables local privilege escalation on affected Andr
Local privilege escalation in MediaTek's geniezone hypervisor component affects 36 distinct chipsets spanning budget to
Out-of-bounds write in MediaTek's slbc (secure local buffer component) due to type confusion allows local privilege esca
Local privilege escalation in MediaTek geniezone component due to missing bounds check allows System-privileged actors t
Local privilege escalation in MediaTek chipsets (MT6765, MT8893, MT8791T, and 19 others) due to missing permission check
Remote denial of service in MediaTek modem firmware across 47+ chipset variants allows attackers to crash the modem via
Remote denial of service in MediaTek modem chipsets allows unauthenticated attackers to crash the system via a logic err
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40876
GHSA-hq5v-pc42-8w5f