Zero Day MonitorZDM

← Back to list

5.5

CVE-2026-20456

mediatek · mediatek chipset

CVE-2026-20456: In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of s

Description

In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480851; Issue ID: MSV-6338.

Affected Products

Vendor	Product	Versions
mediatek	mediatek chipset	MT7902, MT7920, MT7921, MT7922, MT7925, MT7927

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
lenovo	computer	cert_advisory	90%

References

https://corp.mediatek.com/product-security-bulletin/June-2026

Related News (2 articles)

Tier B

BSI Advisories18d ago

[NEU] [hoch] Lenovo ThinkPad Computer: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB27d ago

CVE-2026-20456 | MediaTek MT7902/MT7920/MT7921/MT7922/MT7925/MT7927 WLAN STA Driver out-of-bounds write (MSV-6338)

→ No new info (linked only)

CVSS 3.15.5 MEDIUM

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-787

PublishedJun 1, 2026

Last enriched27d agov2

Tags

WLANDriverOut-of-bounds

Trending Score5

Source articles2

Independent2

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-53097EXP

wifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work()

CRITICALCVE-2026-53101

wifi: mt76: mt7921: fix potential deadlock in mt7921_roc_abort_sync

CRITICALCVE-2026-53098

wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work()

HIGHCVE-2026-20452

CVE-2026-20452: In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proxi

HIGHCVE-2026-20455

CVE-2026-20455: In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 1, 2026

Discovered by ZDM

Jun 1, 2026

Updated: description, severity, tags

Jun 1, 2026

Version History

v2

Last enriched 27d ago

v2Tier C27d ago

Updated severity to CRITICAL, corrected exploit availability to false, and added new description with technical details.

descriptionseveritytags

via VulDB

v127d ago

Initial creation