CVE-2026-20402 is a vulnerability classified under CWE-787 (Out-of-bounds Write) found in the modem component of various MediaTek chipsets, including models MT2735 through MT8797. The root cause is improper input validation, which allows an attacker controlling a rogue base station to send specially crafted data to the modem, triggering an out-of-bounds write. This memory corruption leads to a system crash, resulting in a denial of service (DoS) condition on the affected device. The attack vector is remote over the air interface (AV:A), requiring no privileges (PR:N) and no user interaction (UI:N). The scope is unchanged (S:U), and the impact is limited to availability (A:H) with no confidentiality or integrity impact. The CVSS v3.1 base score is 6.5, reflecting a medium severity. The vulnerability affects a broad range of MediaTek chipsets widely used in mobile devices and IoT products. Although no exploits are currently known in the wild, the potential for disruption exists if attackers deploy rogue base stations to target vulnerable devices. A patch identified as MOLY00693083 addresses the issue, though no direct patch links are provided. This vulnerability highlights the risk of rogue base station attacks exploiting modem firmware flaws to disrupt device availability.

The primary impact of CVE-2026-20402 is a remote denial of service affecting devices with vulnerable MediaTek chipsets. This can cause affected devices to crash or become unresponsive, disrupting communications and potentially impacting critical services relying on these devices. Since exploitation requires no user interaction or privileges, attackers can cause widespread disruption if they control rogue base stations in proximity to targeted devices. This is particularly concerning for mobile network operators, IoT deployments, and industries relying on continuous connectivity such as telecommunications, transportation, and emergency services. The lack of confidentiality or integrity impact limits data breach risks, but availability loss can degrade user experience and operational continuity. The broad chipset coverage increases the attack surface globally, especially in regions with high MediaTek device penetration. Organizations may face service outages, customer dissatisfaction, and increased operational costs due to mitigation and recovery efforts.

1. Apply the official patch MOLY00693083 from MediaTek as soon as it becomes available and validated for your devices. 2. Network operators should monitor for and block rogue base stations using advanced detection systems and anomaly-based intrusion detection to prevent attacker-controlled base stations from connecting to user equipment (UE). 3. Device manufacturers should update firmware and distribute updates promptly to end users, ensuring secure update mechanisms to prevent tampering. 4. Implement network-level protections such as mutual authentication and stronger base station verification protocols to reduce the risk of rogue base station exploitation. 5. For critical deployments, consider deploying network segmentation and fallback communication methods to maintain availability during attacks. 6. Educate users and administrators about the risks of connecting to untrusted networks and encourage vigilance for unusual device behavior. 7. Collaborate with mobile network providers to share threat intelligence and coordinate responses to detected rogue base stations. 8. Conduct regular security assessments and penetration testing focusing on cellular modem vulnerabilities and rogue base station scenarios.