CVE-2026-20402

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability in MediaTek modems allows remote denial of service through improper input validation. Attackers can crash affected devices by connecting them to rogue base stations without user interaction. All devices using vulnerable MediaTek modem firmware are affected.

💻 Affected Systems

Products:
  • MediaTek modem chipsets
Versions: Specific firmware versions not specified in advisory
Operating Systems: Android and other OS using MediaTek modems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with vulnerable MediaTek modem firmware; exact device models not specified in provided information.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Permanent device bricking requiring hardware replacement, complete loss of cellular connectivity, and potential cascading failures in cellular networks.

🟠

Likely Case

Temporary device crash requiring reboot, loss of cellular service until restart, and potential data corruption during crash.

🟢

If Mitigated

Minimal impact with proper network segmentation and base station authentication controls preventing rogue base station connections.

🌐 Internet-Facing: HIGH - Attackers can exploit remotely via cellular networks without authentication.
🏢 Internal Only: LOW - Requires cellular network access, not typical internal network exposure.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires attacker to operate rogue base station, which requires specialized equipment but no authentication or user interaction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patch ID: MOLY00693083

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/February-2026

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply MediaTek modem firmware update containing patch MOLY00693083. 3. Reboot device after update.

🔧 Temporary Workarounds

Disable automatic network selection

android

Manually select trusted network operators to prevent connection to rogue base stations

Settings > Network & Internet > Mobile network > Network operators > Choose manually

Enable base station authentication

all

Configure network to require base station authentication if supported by carrier

🧯 If You Can't Patch

  • Segment cellular devices on separate network segments with strict firewall rules
  • Implement network monitoring for unusual base station connections and device crashes

🔍 How to Verify

Check if Vulnerable:

Check modem firmware version against MediaTek security bulletin; contact device manufacturer for specific vulnerability status.

Check Version:

adb shell getprop | grep gsm.version.baseband (for Android devices)

Verify Fix Applied:

Verify patch MOLY00693083 is applied in modem firmware version; check with device manufacturer's update documentation.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device reboots
  • Modem crash logs
  • Base station connection failures
  • Kernel panic related to modem

Network Indicators:

  • Devices connecting to unknown base station IDs
  • Unusual cellular network traffic patterns
  • Multiple devices crashing simultaneously

SIEM Query:

source="android_logs" AND ("modem crash" OR "baseband crash" OR "gsm.version.baseband" AND event_type="crash")

📊 Metadata

CVE ID: CVE-2026-20402
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-787
Published: February 2, 2026
Last Updated: February 4, 2026

🤖 AI-assisted analysis, reviewed for accuracy

🔗 References

📤 Share This