MediaTek Mt6855
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in MediaTek Mt6855.
By the Year
In 2026 there have been 3 vulnerabilities in MediaTek Mt6855 with an average score of 6.5 out of ten. Last year, in 2025 Mt6855 had 12 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Mt6855 in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.13.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 6.50 |
| 2025 | 12 | 6.37 |
| 2024 | 1 | 7.40 |
It may take a day or so for new Mt6855 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent MediaTek Mt6855 Security Vulnerabilities
MediaTek Modem Remote DoS via Input Validation Crash
CVE-2026-20421
6.5 - Medium
- February 02, 2026
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738293; Issue ID: MSV-5922.
Out-of-bounds Read
Remote DoS via Improper Input Validation in MediaTek Modem
CVE-2026-20402
6.5 - Medium
- February 02, 2026
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00693083; Issue ID: MSV-5928.
Memory Corruption
Remote DoS via Uncaught Exception in MediaTek Modem
CVE-2026-20401
6.5 - Medium
- February 02, 2026
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933.
assertion failure
Remote DoS via Improper Validation in Modem
CVE-2025-20750
6.5 - Medium
- December 02, 2025
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661199; Issue ID: MSV-4296.
NULL Pointer Dereference
Modem BOUNDS Check Omission Enables Remote DoS via Rogue Base Station
CVE-2025-20751
6.5 - Medium
- December 02, 2025
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661195; Issue ID: MSV-4297.
Memory Corruption
Remote DoS via Modem Crash (CVE-2025-20791)
CVE-2025-20791
6.5 - Medium
- December 02, 2025
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661189; Issue ID: MSV-4298.
assertion failure
Remote DoS via Rogue Base Station in Modem (CVE-2025-20756)
CVE-2025-20756
6.5 - Medium
- December 02, 2025
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673749; Issue ID: MSV-4643.
Improper Validation of Specified Type of Input
Modem Remote DoS via Improper Input Validation
CVE-2025-20757
6.5 - Medium
- December 02, 2025
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673751; Issue ID: MSV-4644.
assertion failure
Modem Remote DoS via Rogue Base Station
CVE-2025-20790
5.3 - Medium
- December 02, 2025
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01677581; Issue ID: MSV-4701.
NULL Pointer Dereference
Rogue BSS Causing Modem Crash (DoS)
CVE-2025-20755
5.3 - Medium
- December 02, 2025
In Modem, there is a possible application crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00628396; Issue ID: MSV-4775.
NULL Pointer Dereference
Modem RDoS via Improper Input Validation
CVE-2025-20792
5.3 - Medium
- December 02, 2025
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01717526; Issue ID: MSV-5591.
assertion failure
Modem Uncaught Exception -> Remote DoS via Rogue Base Station
CVE-2025-20666
6.5 - Medium
- May 05, 2025
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933.
assertion failure
Local Priv Esc via Permission Bypass in DA Component – Logic Error
CVE-2025-20658
- April 07, 2025
In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597.
Memory Corruption
CVE-2025-20656: OOB Write in DA Enables Physical Local Priv Esc Escalation
CVE-2025-20656
- April 07, 2025
In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.
Memory Corruption
Modem OOB Write Allows RCE via Rogue Base Station
CVE-2024-20154
8.8 - High
- January 06, 2025
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392.
Stack Overflow
Cisco Telephony Priv Escalation via Permission Bypass (CVE-2024-20015)
CVE-2024-20015
7.4 - High
- February 05, 2024
In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419.
Authentication Bypass by Primary Weakness
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for MediaTek Mt6855 or by MediaTek? Click the Watch button to subscribe.
