CVE-2026-20421: CWE-125 Out-of-bounds Read in MediaTek, Inc. MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8791
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738293; Issue ID: MSV-5922.
AI Analysis
Technical Summary
CVE-2026-20421 is a medium-severity vulnerability classified as an out-of-bounds read (CWE-125) found in multiple MediaTek modem chipsets, including MT2735, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, and MT8791. The vulnerability exists due to improper input validation in the modem firmware, specifically in the handling of data received from the network. When a user equipment (UE) device connects to a rogue base station controlled by an attacker, crafted inputs can trigger an out-of-bounds read condition, causing the modem system to crash. This results in a denial of service (DoS) condition, disrupting the device’s communication capabilities. Notably, exploitation does not require any user interaction or elevated privileges, which lowers the barrier to exploitation. The vulnerability affects devices running the Modem NR15 version. The CVSS v3.1 score of 6.5 reflects a medium severity with an attack vector of adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H). No public exploits are known at this time, but the risk remains significant due to the potential for service disruption. MediaTek has assigned a patch (MOLY01738293) to address this issue, and users are advised to update affected devices promptly. The vulnerability is particularly relevant for mobile devices and IoT equipment using these chipsets, as they rely on modem connectivity for operation.
Potential Impact
For European organizations, the primary impact of CVE-2026-20421 is the potential for remote denial of service on devices using affected MediaTek modems. This can disrupt mobile communications, impacting business operations reliant on cellular connectivity, including IoT deployments, mobile workforce devices, and critical communication infrastructure. Service interruptions could affect sectors such as telecommunications, transportation, healthcare, and emergency services. The lack of required user interaction or privileges lowers the barrier for attackers, increasing the risk of widespread disruption if rogue base stations are deployed. While confidentiality and integrity are not directly impacted, availability degradation can lead to operational downtime and potential safety risks in critical environments. The threat is heightened in environments where devices cannot be easily patched or replaced, such as embedded systems or remote IoT nodes. Additionally, the presence of rogue base stations in urban or industrial areas could facilitate targeted attacks against specific organizations or sectors.
Mitigation Recommendations
1. Apply the official MediaTek patch MOLY01738293 as soon as it becomes available and is validated for your devices.
2. Implement network monitoring to detect and block rogue base stations, using tools capable of identifying anomalous cellular signals or unauthorized network nodes.
3. Employ device management solutions to inventory and track devices with affected MediaTek chipsets, prioritizing patch deployment and monitoring.
4. For critical infrastructure, consider deploying multi-factor communication channels or fallback connectivity options to mitigate the impact of modem outages.
5. Educate network security teams about the risk of rogue base stations and incorporate detection into security operations center (SOC) workflows.
6. Collaborate with mobile network operators to report and mitigate unauthorized base stations in your operational areas.
7. For IoT deployments, design redundancy and failover mechanisms to maintain service continuity in case of modem failure.
8. Regularly update device firmware and maintain an asset management program to ensure timely vulnerability remediation.
Affected Countries
Germany, France, Italy, Spain, United Kingdom, Netherlands, Sweden, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: MediaTek
- Date Reserved: 2025-11-03T01:30:59.010Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69806094f9fa50a62f0b3fda
Added to database: 2/2/2026, 8:30:12 AM
Last enriched: 2/18/2026, 8:58:04 AM
Last updated: 3/23/2026, 11:33:41 PM