← Back ⬡ Vulnerabilities & CVEs Apr 07, 2026

CVE-2026-20433 | MediaTek MT8893 Base Station out-of-bounds write (MSV-4460 / EUVD-2026-19568)

VulDB Archived Apr 07, 2026 ✓ Full text saved

A vulnerability identified as critical has been detected in MediaTek MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8775, MT8791,

Full text archived locally

✦ AI Summary · Claude Sonnet

VDB-355708 · CVE-2026-20433 · MSV-4460 MEDIATEK MT8893 BASE STATION OUT-OF-BOUNDS WRITE HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 9.4 $0-$5k 1.74+ Summaryinfo A vulnerability labeled as critical has been found in MediaTek MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8775, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883 and MT8893. Affected by this issue is some unknown functionality of the component Base Station Handler. Executing a manipulation can lead to out-of-bounds write. This vulnerability appears as CVE-2026-20433. The attack may be performed from remote. There is no available exploit. It is advisable to implement a patch to correct this issue. Detailsinfo A vulnerability classified as very critical was found in MediaTek MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8668, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8775, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883 and MT8893. This vulnerability affects an unknown part of the component Base Station Handler. The manipulation with an unknown input leads to a out-of-bounds write vulnerability. The CWE definition for the vulnerability is CWE-787. The product writes data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes: In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460. The advisory is shared for download at corp.mediatek.com. This vulnerability was named CVE-2026-20433 since 11/03/2025. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 04/07/2026). Applying the patch MSV-4460 is able to eliminate this problem. The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-19568). Productinfo Type Chip Software Vendor MediaTek Name MT2735 MT2737 MT6813 MT6833 MT6833P MT6835 MT6835T MT6853 MT6853T MT6855 MT6855T MT6873 MT6875 MT6875T MT6877 MT6877T MT6877TT MT6878 MT6878M MT6879 MT6880 MT6883 MT6885 MT6886 MT6889 MT6890 MT6891 MT6893 MT6895 MT6895TT MT6896 MT6897 MT6899 MT6980 MT6980D MT6983 MT6983T MT6985 MT6985T MT6989 MT6989T MT6990 MT6991 MT8668 MT8673 MT8675 MT8676 MT8678 MT8755 MT8771 MT8775 MT8791 MT8791T MT8792 MT8793 MT8795T MT8797 MT8798 MT8863 MT8873 MT8883 MT8893 License commercial CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 9.8 VulDB Meta Temp Score: 9.4 VulDB Base Score: 9.8 VulDB Temp Score: 9.4 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Out-of-bounds write CWE: CWE-787 / CWE-119 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Yes Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Patch Status: 🔍 0-Day Time: 🔒 Patch: MSV-4460 Timelineinfo 11/03/2025 CVE reserved 04/07/2026 +154 days Advisory disclosed 04/07/2026 +0 days VulDB entry created 04/07/2026 +0 days VulDB entry last update Sourcesinfo Advisory: MSV-4460 Status: Confirmed CVE: CVE-2026-20433 (🔒) GCVE (CVE): GCVE-0-2026-20433 GCVE (VulDB): GCVE-100-355708 EUVD: 🔒 Entryinfo Created: 04/07/2026 07:21 Updated: 04/07/2026 08:30 Changes: 04/07/2026 07:21 (56), 04/07/2026 08:30 (1) Complete: 🔍 Cache ID: 99:D51:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸

💬 Team Notes