MEDIUM🇵🇱 Wersja polska

CVE-2026-20436

CVSS 6.7v3.1pub. 2026-03-02upd. 2026-03-03

In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00473802; Issue ID: MSV-5970.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Mediatek Mt7902

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7920

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7921

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7922

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7925

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7927

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt8696

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Nbiot Sdk

    APP
    Mediatek
    ≤ 3.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-20407CRITICAL9.3PL ✓ten sam produkt

Privilege escalation w sterowniku WLAN STA MediaTek — brak bounds check

CVE-2025-20680CRITICAL9.8PL ✓ten sam produkt

MediaTek Bluetooth – heap buffer overflow umożliwiający privilege escalation

CVE-2025-20672CRITICAL9.8PL ✓ten sam produkt

Przepełnienie bufora sterty w sterowniku Bluetooth — MediaTek MT79xx

CVE-2024-20148CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds write w WLAN STA FW MediaTek — zdalne RCE

CVE-2024-20100CRITICAL9.8PL ✓ten sam produkt

MediaTek WLAN Driver — zapis poza granicami bufora umożliwia RCE