Denial of Service Vulnerability in Modem by MediaTek
CVE-2026-20404
Key Information:
- Vendor
MediaTek
- Vendor
- CVE Published:
- 2 February 2026
Badges
What is CVE-2026-20404?
In MediaTek's modem, a security flaw exists due to insufficient input validation, which could allow attackers to induce a system crash. This vulnerability particularly arises when a User Equipment (UE) connects to a maliciously controlled rogue base station. Notably, the exploitation of this flaw does not require any user interaction nor elevated execution privileges, making it critical for users to ensure their devices are updated to versions that incorporate the necessary security patches.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 Modem NR15 , NR16 , NR17 , NR17R
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved