Out of Bounds Write Vulnerability in MediaTek WLAN AP Firmware
CVE-2026-20430

8.8HIGH

Key Information:

Vendor: MediaTek
Status: Mediatek Chipset
Vendor: CVE Published:; 2 March 2026

What is CVE-2026-20430?

An out of bounds write vulnerability has been identified in the firmware of MediaTek WLAN access points. This issue arises from an incorrect bounds check, allowing a remote attacker (proximal or adjacent) to escalate privileges without requiring any additional execution rights. The vulnerability does not necessitate user interaction, which increases the risk of exploitation. MediaTek has provided a patch (ID: WCNCR00467553) to address this issue, and it is crucial for users to update their devices to safeguard against potential threats.

Affected Version(s)

MediaTek chipset MT6890

MediaTek chipset MT7915

MediaTek chipset MT7916

References

https://corp.mediatek.com/product-security-bulletin/March...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2026
Vulnerability Reserved
Nov 3, 2025

CVE-2026-20430 Data

JSON