CVE-2026-20420: CWE-125 Out-of-bounds Read in MediaTek, Inc. MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT8676, MT8791
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738313; Issue ID: MSV-5935.
AI Analysis
Technical Summary
CVE-2026-20420 is a medium-severity vulnerability classified as CWE-125 (Out-of-bounds Read) affecting a wide range of MediaTek modem chipsets including MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6858, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT8676, and MT8791. The vulnerability stems from improper error handling in the modem firmware that can cause an out-of-bounds read, leading to a system crash. This crash results in a denial of service condition on the affected device. The attack vector is remote over the air interface, requiring the user equipment (UE) to connect to a rogue base station controlled by an attacker. No user interaction or elevated privileges are required to exploit this vulnerability, increasing its risk profile. The affected modem versions include NR15, NR16, NR17, and NR17R. The CVSS v3.1 score is 6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating that the attack requires adjacent network access (e.g., radio proximity), has low complexity, no privileges or user interaction, and impacts availability only. No known exploits are reported in the wild, but the potential for remote denial of service could disrupt mobile communications. The vendor has assigned patch ID MOLY01738313 and issue ID MSV-5935 for remediation. The vulnerability is particularly relevant to devices using MediaTek modems in mobile phones, IoT devices, and embedded systems that rely on cellular connectivity.
Potential Impact
For European organizations, the primary impact of CVE-2026-20420 is the potential for remote denial of service on devices using the affected MediaTek modem chipsets. This can disrupt mobile communications, impacting business operations that rely on cellular connectivity, including remote work, IoT deployments, and critical infrastructure monitoring. Telecommunications providers may face network instability or customer service degradation if rogue base stations are deployed by attackers. The vulnerability could be exploited in targeted attacks against high-value organizations or critical infrastructure sectors such as energy, transportation, and public safety. Although the vulnerability does not compromise confidentiality or integrity, the loss of availability can have cascading effects on operational continuity and safety systems. The risk is heightened in environments where devices cannot be easily patched or replaced, such as industrial IoT or embedded systems. Additionally, the lack of user interaction or privileges required for exploitation increases the threat surface, especially in densely populated urban areas with many cellular devices. Overall, the vulnerability poses a moderate risk to European organizations dependent on cellular communications, warranting proactive mitigation.
Mitigation Recommendations
1. Apply the official vendor patches (MOLY01738313) as soon as they become available to affected devices and firmware versions.
2. Network operators should monitor for and block rogue base stations using advanced radio frequency detection and anomaly detection tools to prevent malicious connections.
3. Implement network-level filtering and authentication mechanisms such as 5G security features that reduce the risk of connecting to unauthorized base stations.
4. For critical IoT and embedded devices using affected MediaTek modems, consider network segmentation and fallback communication methods to maintain availability during attacks.
5. Conduct regular firmware audits and inventory management to identify devices with vulnerable modem versions and prioritize remediation.
6. Collaborate with device manufacturers and telecom providers to ensure timely updates and security patches are deployed.
7. Educate security teams about the risk of rogue base stations and incorporate this threat into incident response plans.
8. Deploy endpoint detection solutions capable of identifying unusual modem behavior or repeated connection failures indicative of exploitation attempts.

These targeted mitigations go beyond generic advice by focusing on radio network security, device inventory, and operational continuity strategies.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: MediaTek
- Date Reserved: 2025-11-03T01:30:59.010Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69806094f9fa50a62f0b3fd7
Added to database: 2/2/2026, 8:30:12 AM
Last enriched: 2/18/2026, 8:57:46 AM
Last updated: 3/24/2026, 12:19:22 AM