Out of Bounds Write in MediaTek Wlan STA Driver
CVE-2026-20423

7.8HIGH

Key Information:

Vendor

MediaTek
Status
Mt7902, Mt7920, Mt7921, Mt7922, Mt7925, Mt7927
Vendor
CVE Published:
2 March 2026

What is CVE-2026-20423?

A security vulnerability exists in the MediaTek wlan STA driver, caused by a missing bounds check that may allow for an out of bounds write. This flaw could be exploited locally by an attacker with user execution privileges. Notably, the exploitation does not require user interaction, thus presenting an increased risk for affected systems. The vulnerability has been addressed in patch WCNCR00465314, which is recommended for users to apply as a preventive measure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT7902, MT7920, MT7921, MT7922, MT7925, MT7927 NB SDK release 3.8 and before

References

https://corp.mediatek.com/product-security-bulletin/March...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.