Sign-up

ID

VAR-202602-0269


CVE

CVE-2026-20401


TITLE

media tech's NR15 Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2026-002752

DESCRIPTION

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933. Patch ID teeth MOLY01738310 ,problem ID teeth MSV-5933 is.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2026-20401 // JVNDB: JVNDB-2026-002752

AFFECTED PRODUCTS

vendor:mediatekmodel:nr15scope:eqversion: -

Trust: 1.0

vendor:メディアテックmodel:nr15scope:eqversion: -

Trust: 0.8

vendor:メディアテックmodel:nr15scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-002752 // NVD: CVE-2026-20401

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-20401
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2026-20401
value: MEDIUM

Trust: 1.0

NVD: CVE-2026-20401
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2026-20401
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2026-20401
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2026-20401
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-002752 // NVD: CVE-2026-20401 // NVD: CVE-2026-20401

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.0

problemtype:CWE-617

Trust: 1.0

problemtype:Reachable assertions (CWE-617) [ others ]

Trust: 0.8

problemtype: Improper checking in exceptional conditions (CWE-754) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-002752 // NVD: CVE-2026-20401

PATCH

title:February 2026url:https://corp.mediatek.com/product-security-bulletin/February-2026

Trust: 0.8

sources: JVNDB: JVNDB-2026-002752

EXTERNAL IDS

db:NVDid:CVE-2026-20401

Trust: 2.6

db:JVNDBid:JVNDB-2026-002752

Trust: 0.8

sources: JVNDB: JVNDB-2026-002752 // NVD: CVE-2026-20401

REFERENCES

url:https://corp.mediatek.com/product-security-bulletin/february-2026

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2026-20401

Trust: 0.8

sources: JVNDB: JVNDB-2026-002752 // NVD: CVE-2026-20401

SOURCES

db:JVNDBid:JVNDB-2026-002752
db:NVDid:CVE-2026-20401

LAST UPDATE DATE

2026-02-12T23:46:15.118000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2026-002752date:2026-02-06T01:37:00
db:NVDid:CVE-2026-20401date:2026-02-04T18:16:08.203

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2026-002752date:2026-02-06T00:00:00
db:NVDid:CVE-2026-20401date:2026-02-02T09:15:54.663