CVE-2026-20452 - Vulnerability Details

In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00019.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

MediaTek, Inc.

MediaTek chipset

unaffected

Version	Status	Constraints
`MT6890`	affected	—
`MT7615`	affected	—
`MT7915`	affected	—
`MT7916`	affected	—
`MT7981`	affected	—
`MT7986`	affected	—
`MT7990`	affected	—
`MT7992`	affected	—
`MT7993`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:mediatek:mt6890_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:mediatek:mt7615_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:mediatek:mt7915_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:mediatek:mt7916_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:mediatek:mt7981_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:mediatek:mt7986_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:mediatek:mt7990_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt7990:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:mediatek:mt7992_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt7992:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:mediatek:mt7993_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt7993:-:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Mediatek, Inc. Subscribe	Mediatek Chipset Subscribe

Project Subscriptions

Vendors	Products
Mediatek Subscribe	Mt6890 Subscribe Mt6890 Firmware Subscribe Mt7615 Subscribe Mt7615 Firmware Subscribe Mt7915 Subscribe Mt7915 Firmware Subscribe Mt7916 Subscribe Mt7916 Firmware Subscribe Mt7981 Subscribe Mt7981 Firmware Subscribe Mt7986 Subscribe Mt7986 Firmware Subscribe Mt7990 Subscribe Mt7990 Firmware Subscribe Mt7992 Subscribe Mt7992 Firmware Subscribe Mt7993 Subscribe Mt7993 Firmware Subscribe
Mediatek, Inc. Subscribe	Mediatek Chipset Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/June-2026

History

Mon, 01 Jun 2026 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mediatek Mediatek mt6890 Mediatek mt6890 Firmware Mediatek mt7615 Mediatek mt7615 Firmware Mediatek mt7915 Mediatek mt7915 Firmware Mediatek mt7916 Mediatek mt7916 Firmware Mediatek mt7981 Mediatek mt7981 Firmware Mediatek mt7986 Mediatek mt7986 Firmware Mediatek mt7990 Mediatek mt7990 Firmware Mediatek mt7992 Mediatek mt7992 Firmware Mediatek mt7993 Mediatek mt7993 Firmware
CPEs		cpe:2.3:h:mediatek:mt6890:-:::::::* cpe:2.3:h:mediatek:mt7615:-:::::::* cpe:2.3:h:mediatek:mt7915:-:::::::* cpe:2.3:h:mediatek:mt7916:-:::::::* cpe:2.3:h:mediatek:mt7981:-:::::::* cpe:2.3:h:mediatek:mt7986:-:::::::* cpe:2.3:h:mediatek:mt7990:-:::::::* cpe:2.3:h:mediatek:mt7992:-:::::::* cpe:2.3:h:mediatek:mt7993:-:::::::* cpe:2.3:o:mediatek:mt6890_firmware:-:::::::* cpe:2.3:o:mediatek:mt7615_firmware:-:::::::* cpe:2.3:o:mediatek:mt7915_firmware:-:::::::* cpe:2.3:o:mediatek:mt7916_firmware:-:::::::* cpe:2.3:o:mediatek:mt7981_firmware:-:::::::* cpe:2.3:o:mediatek:mt7986_firmware:-:::::::* cpe:2.3:o:mediatek:mt7990_firmware:-:::::::* cpe:2.3:o:mediatek:mt7992_firmware:-:::::::* cpe:2.3:o:mediatek:mt7993_firmware:-:::::::*
Vendors & Products		Mediatek Mediatek mt6890 Mediatek mt6890 Firmware Mediatek mt7615 Mediatek mt7615 Firmware Mediatek mt7915 Mediatek mt7915 Firmware Mediatek mt7916 Mediatek mt7916 Firmware Mediatek mt7981 Mediatek mt7981 Firmware Mediatek mt7986 Mediatek mt7986 Firmware Mediatek mt7990 Mediatek mt7990 Firmware Mediatek mt7992 Mediatek mt7992 Firmware Mediatek mt7993 Mediatek mt7993 Firmware

Mon, 01 Jun 2026 14:15:00 +0000

Type	Values Removed	Values Added
Title	Remote Code Execution via Heap Buffer Overflow in MediaTek WLAN AP Driver

Mon, 01 Jun 2026 11:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 01 Jun 2026 05:45:00 +0000

Type	Values Removed	Values Added
Title		Remote Code Execution via Heap Buffer Overflow in MediaTek WLAN AP Driver
First Time appeared		Mediatek, Inc. Mediatek, Inc. mediatek Chipset
Vendors & Products		Mediatek, Inc. Mediatek, Inc. mediatek Chipset

Mon, 01 Jun 2026 04:00:00 +0000

Type	Values Removed	Values Added
Description		In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295.
Weaknesses		CWE-122
References		https://corp.mediatek.com/product-security-bulletin/June-2026

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2026-06-01T03:20:08.315Z

Updated: 2026-06-02T03:55:38.204Z

Reserved: 2025-11-03T01:30:59.013Z

Link: CVE-2026-20452

Vulnrichment

Updated: 2026-06-01T11:00:54.420Z

NVD

Status : Analyzed

Published: 2026-06-01T04:16:21.753

Modified: 2026-06-01T18:12:11.313

Link: CVE-2026-20452

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T14:00:16Z

Weaknesses

CWE-122

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object