Details of VAR-202602-0240

ID

VAR-202602-0240

CVE

CVE-2026-20402

TITLE

media tech's NR15 Out-of-bounds write vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2026-002751

DESCRIPTION

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00693083; Issue ID: MSV-5928. UE ) connects, it could allow a remote denial of service ( DoS ) exploit. Patch ID teeth MOLY00693083 ,problem ID teeth MSV-5928 is.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-20402 // JVNDB: JVNDB-2026-002751

AFFECTED PRODUCTS

vendor:	mediatek	model:	nr15	scope:	eq	version:	-	Trust: 1.0
vendor:	メディアテック	model:	nr15	scope:	eq	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr15	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-002751 // NVD: CVE-2026-20402

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2026-20402
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-002751
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2026-20402
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-002751
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-002751 // NVD: CVE-2026-20402

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-002751 // NVD: CVE-2026-20402

PATCH

title:

February 2026

url:

https://corp.mediatek.com/product-security-bulletin/February-2026

Trust: 0.8

sources: JVNDB: JVNDB-2026-002751

EXTERNAL IDS

db:	NVD	id:	CVE-2026-20402	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-002751	Trust: 0.8

sources: JVNDB: JVNDB-2026-002751 // NVD: CVE-2026-20402

REFERENCES

url:	https://corp.mediatek.com/product-security-bulletin/february-2026	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2026-20402	Trust: 0.8

sources: JVNDB: JVNDB-2026-002751 // NVD: CVE-2026-20402

SOURCES

db:	JVNDB	id:	JVNDB-2026-002751
db:	NVD	id:	CVE-2026-20402

LAST UPDATE DATE

2026-02-12T19:40:51.224000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-002751	date:	2026-02-06T01:37:00
db:	NVD	id:	CVE-2026-20402	date:	2026-02-04T14:28:00.447

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-002751	date:	2026-02-06T00:00:00
db:	NVD	id:	CVE-2026-20402	date:	2026-02-02T09:15:54.830