CVE-2026-20419

Summary

In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR00463309; Issue ID: MSV-4852.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MediaTek chipsetMT6890affected
MediaTek, Inc.MediaTek chipsetMT6989TBaffected
MediaTek, Inc.MediaTek chipsetMT7902affected
MediaTek, Inc.MediaTek chipsetMT7915affected
MediaTek, Inc.MediaTek chipsetMT7916affected
MediaTek, Inc.MediaTek chipsetMT7920affected
MediaTek, Inc.MediaTek chipsetMT7921affected
MediaTek, Inc.MediaTek chipsetMT7922affected
MediaTek, Inc.MediaTek chipsetMT7925affected
MediaTek, Inc.MediaTek chipsetMT7927affected
MediaTek, Inc.MediaTek chipsetMT7981affected
MediaTek, Inc.MediaTek chipsetMT7986affected
MediaTek, Inc.MediaTek chipsetMT8196affected
MediaTek, Inc.MediaTek chipsetMT8668affected
MediaTek, Inc.MediaTek chipsetMT8676affected
MediaTek, Inc.MediaTek chipsetMT8678affected
MediaTek, Inc.MediaTek chipsetMT8775affected
MediaTek, Inc.MediaTek chipsetMT8791Taffected
MediaTek, Inc.MediaTek chipsetMT8792affected
MediaTek, Inc.MediaTek chipsetMT8793affected
MediaTek, Inc.MediaTek chipsetMT8796affected
MediaTek, Inc.MediaTek chipsetMT8873affected
MediaTek, Inc.MediaTek chipsetMT8883affected
MediaTek, Inc.MediaTek chipsetMT8893affected
MediaTek, Inc.MediaTek chipsetMT8910affected

Weaknesses

  • CWE-754: CWE-754 Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References