VDB
CVE-2026-20407
CVE-2026-20407
PUBLISHED
CVSS 9.300000190734863 CRITICAL
In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00464377; Issue ID: MSV-4905.
EPSS 0.01% · 1.1th percentile
Risk Scores
CVSS 3.1
9.300000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.01%
1.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| MediaTek, Inc. | MediaTek chipset | MT7920, MT7921, MT7922 |
| MediaTek, Inc. | MT7902, MT7920, MT7921, MT7922, MT7925, MT7927 | NB SDK release 3.8 and before |
| mediatek | nbiot_sdk | 0, 0 |
Exploit Intelligence
- CIRCL seen: CVE-2026-20407 (circl-sighting)
- https://corp.mediatek.com/product-security-bulletin/February-2026 (circl)
Timeline
- Feb 2, 2026 EPSS Score
- Feb 2, 2026 CVE Published
- Feb 3, 2026 PoC Published
- Feb 4, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
- Feb 9, 2026 EPSS Score
- Feb 11, 2026 EPSS Score
- Feb 14, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 18, 2026 EPSS Score
- Feb 20, 2026 EPSS Score
- Feb 23, 2026 EPSS Score