MediaTek Nr15
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in MediaTek Nr15.
By the Year
In 2026 there have been 0 vulnerabilities in MediaTek Nr15. Last year, in 2025 Nr15 had 5 security vulnerabilities published. Right now, Nr15 is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 5 | 6.50 |
| 2024 | 10 | 7.80 |
| 2023 | 4 | 7.83 |
| 2022 | 1 | 7.50 |
It may take a day or so for new Nr15 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent MediaTek Nr15 Security Vulnerabilities
IMS Service Crash Vulnerability Allows Remote DoS via Rogue Base Station
CVE-2025-20678
6.5 - Medium
- June 02, 2025
In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.
Stack Exhaustion
Modem Uncaught Exception -> Remote DoS via Rogue Base Station
CVE-2025-20666
6.5 - Medium
- May 05, 2025
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933.
assertion failure
Modem IE via error handling in rogue base station
CVE-2025-20667
6.5 - Medium
- May 05, 2025
In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741.
Inadequate Encryption Strength
Memory Corruption in Modem Firmware Enables Remote DoS via Rogue Base Station
CVE-2025-20644
6.5 - Medium
- March 03, 2025
In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747.
Improper Validation of Syntactic Correctness of Input
Modem Remote DoS via Logic Error
CVE-2024-20150
- January 06, 2025
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01412526; Issue ID: MSV-2018.
Marshaling, Unmarshaling
Modem Remote DoS via Missing Bounds Check
CVE-2024-20094
- October 07, 2024
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535.
Memory corruption in Modem component enables RCE
CVE-2024-20082
- August 14, 2024
In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529.
Buffer Overflow
Remote Info Disclosure via Weak Crypto in Modem Firmware
CVE-2024-20070
- June 03, 2024
In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469.
Use of a Broken or Risky Cryptographic Algorithm
Modem VoWiFi IKE DH Downgrade Allows Remote Info Disclosure
CVE-2024-20069
- June 03, 2024
In modem, there is a possible selection of less-secure algorithm during the VoWiFi IKE due to a missing DH downgrade check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01286330; Issue ID: MSV-1430.
Modem Firmware OOB Write Enables Remote RCE
CVE-2024-20039
- April 01, 2024
In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01240012; Issue ID: MSV-1215.
Remote DoS via Bounds Check in Modem IMS Stack
CVE-2023-32887
7.5 - High
- January 02, 2024
In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892).
Buffer Overflow
Out-of-Bounds Write in Modem IMS Stack Enables Remote Code Execution
CVE-2023-32874
9.8 - Critical
- January 02, 2024
In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893).
Memory Corruption
CVE-2023-32888: OOB Write in Modem IMS Call UA Enables Remote DoS
CVE-2023-32888
7.5 - High
- January 02, 2024
In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894).
Memory Corruption
Windows Bluetooth Service OOB Write Local Priv Escalation
CVE-2023-32891
6.7 - Medium
- January 02, 2024
In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559.
Memory Corruption
Out-of-Bounds Write in Modem IMS SMS UA Causing Remote DoS
CVE-2023-32886
7.5 - High
- January 02, 2024
In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807.
Memory Corruption
5G Modem RRC Malformat Causing Remote DoS
CVE-2023-32843
7.5 - High
- December 04, 2023
In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130204; Issue ID: MOLY01130204 (MSV-849).
assertion failure
5G NR RLC DoS via Invalid SDU Handling
CVE-2023-20702
7.5 - High
- November 06, 2023
In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.
Out-of-Bounds Write in CCCI Modem Enables Local Priv Escalation
CVE-2023-32840
6.5 - Medium
- November 06, 2023
In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).
Memory Corruption
Out-of-Bounds Write in CDMA PPP: Remote Privilege Escalation
CVE-2023-20819
9.8 - Critical
- October 02, 2023
In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID: ALPS08010003.
Memory Corruption
4G Modem RRC DoS via invalid SIB12 input validation
CVE-2022-26446
7.5 - High
- November 08, 2022
In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118.
assertion failure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for MediaTek Nr15 or by MediaTek? Click the Watch button to subscribe.
