CVE-2026-20402: CWE-787 Out-of-bounds Write in MediaTek, Inc. MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00693083; Issue ID: MSV-5928.
AI Analysis
Technical Summary
CVE-2026-20402 is an out-of-bounds write vulnerability (CWE-787) found in the modem firmware of numerous MediaTek chipsets, including MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, and MT8797. The flaw stems from improper input validation within the modem's NR15 firmware version, which can be triggered remotely when a user equipment (UE) device connects to a maliciously controlled rogue base station. This causes an out-of-bounds write leading to a system crash, effectively resulting in a denial of service condition. The vulnerability does not require any user interaction or elevated privileges, making it easier to exploit in scenarios where attackers can simulate or control base stations. The CVSS v3.1 score is 6.5, reflecting medium severity with an attack vector requiring adjacent network access (the radio interface), low attack complexity, no privileges required, no user interaction, and impact limited to availability (system crash). No known exploits have been reported in the wild, but the potential for disruption exists, especially in environments where devices rely on vulnerable MediaTek modems. The issue was reserved in November 2025 and published in February 2026, with a patch identified as MOLY00693083 (issue MSV-5928), though patch distribution details are not provided. This vulnerability highlights risks in cellular infrastructure and device firmware, where rogue base stations can be used as attack vectors.
Potential Impact
For European organizations, the primary impact is the risk of remote denial of service on devices using affected MediaTek modem chipsets. This can disrupt mobile communications, affecting enterprise mobile devices, IoT endpoints, and critical infrastructure relying on cellular connectivity. Telecom operators could see service degradation or outages if rogue base stations are deployed in their coverage areas. Industries such as finance, healthcare, transportation, and emergency services that depend on reliable mobile connectivity may experience operational interruptions. Additionally, the vulnerability could be leveraged in targeted attacks against high-value individuals or organizations by forcing device reboots or service loss. Although no direct data compromise is indicated, availability impacts can cascade into broader business continuity issues. The lack of required user interaction or privileges lowers the barrier for attackers with access to radio interfaces, increasing the threat surface in dense urban or public environments where rogue base stations can be deployed.
Mitigation Recommendations
Organizations should prioritize applying the vendor-provided patch MOLY00693083 as soon as it becomes available for their devices. Network operators and security teams should implement detection mechanisms for rogue base stations, such as monitoring unusual base station identifiers and signal anomalies. Employing mobile threat defense solutions that can detect suspicious cellular network behavior can help mitigate exploitation risk. Device management policies should ensure firmware updates are deployed promptly across all affected endpoints. For critical infrastructure, consider network segmentation and fallback communication channels to maintain availability during potential DoS events. Collaboration with telecom providers to enhance base station authentication and integrity checks can reduce the feasibility of rogue base station attacks. Finally, raising user awareness about the risks of connecting to untrusted cellular networks can complement technical controls.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: MediaTek
- Date Reserved: 2025-11-03T01:30:59.007Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 69806092f9fa50a62f0b3f6a
Added to database: 2/2/2026, 8:30:10 AM
Last enriched: 2/18/2026, 8:56:18 AM
Last updated: 3/24/2026, 10:14:15 AM