Zero Day MonitorZDM

← Back to list

8.0

CVE-2026-20452

mediatek · mediatek chipset

CVE-2026-20452: In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proxi

Description

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295.

Affected Products

Vendor	Product	Versions
mediatek	mediatek chipset	MT6890, MT7615, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
lenovo	computer	cert_advisory	90%

References

https://corp.mediatek.com/product-security-bulletin/June-2026

Related News (2 articles)

Tier B

BSI Advisories18d ago

[NEU] [hoch] Lenovo ThinkPad Computer: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB27d ago

CVE-2026-20452 | MediaTek MT7993 WLAN AP Driver heap-based overflow (MSV-6295)

→ No new info (linked only)

CVSS 3.18.0 HIGH

VectorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-122

PublishedJun 1, 2026

Last enriched27d agov2

Trending Score6

Source articles2

Independent2

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-53097EXP

wifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work()

CRITICALCVE-2026-53101

wifi: mt76: mt7921: fix potential deadlock in mt7921_roc_abort_sync

CRITICALCVE-2026-53098

wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work()

MEDIUMCVE-2026-20456

CVE-2026-20456: In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of s

HIGHCVE-2026-20455

CVE-2026-20455: In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 1, 2026

Discovered by ZDM

Jun 1, 2026

Updated: severity

Jun 1, 2026

Version History

v2

Last enriched 27d ago

v2Tier C27d ago

Updated severity to CRITICAL and clarified that no exploit exists.

severity

via VulDB

v127d ago

Initial creation