CVE-2026-20452

Summary

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MediaTek chipsetMT6890affected
MediaTek, Inc.MediaTek chipsetMT7615affected
MediaTek, Inc.MediaTek chipsetMT7915affected
MediaTek, Inc.MediaTek chipsetMT7916affected
MediaTek, Inc.MediaTek chipsetMT7981affected
MediaTek, Inc.MediaTek chipsetMT7986affected
MediaTek, Inc.MediaTek chipsetMT7990affected
MediaTek, Inc.MediaTek chipsetMT7992affected
MediaTek, Inc.MediaTek chipsetMT7993affected

Weaknesses

  • CWE-122: CWE-122 Heap Overflow

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References