MediaTek Nr16
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in MediaTek Nr16.
By the Year
In 2026 there have been 0 vulnerabilities in MediaTek Nr16. Last year, in 2025 Nr16 had 7 security vulnerabilities published. Right now, Nr16 is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 7 | 6.80 |
| 2024 | 14 | 7.75 |
| 2023 | 4 | 7.83 |
| 2022 | 1 | 7.50 |
It may take a day or so for new Nr16 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent MediaTek Nr16 Security Vulnerabilities
IMS Service Crash Vulnerability Allows Remote DoS via Rogue Base Station
CVE-2025-20678
6.5 - Medium
- June 02, 2025
In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.
Stack Exhaustion
Modem IE via error handling in rogue base station
CVE-2025-20667
6.5 - Medium
- May 05, 2025
In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741.
Inadequate Encryption Strength
Modem Certificate Validation Bypass (CVE-2025-20670)
CVE-2025-20670
5.7 - Medium
- May 05, 2025
In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772.
Improper Certificate Validation
Memory Corruption in Modem Firmware Enables Remote DoS via Rogue Base Station
CVE-2025-20644
6.5 - Medium
- March 03, 2025
In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747.
Improper Validation of Syntactic Correctness of Input
Modem OOB Write RCE via Rogue Base Station (UE)
CVE-2025-20634
8.8 - High
- February 03, 2025
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.
Memory Corruption
Modem OOB Write Exploitable to PrivEsc (System)
CVE-2024-20151
- January 06, 2025
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01399339; Issue ID: MSV-1928.
Memory Corruption
Modem Remote DoS via Logic Error
CVE-2024-20150
- January 06, 2025
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01412526; Issue ID: MSV-2018.
Marshaling, Unmarshaling
Modem Out-of-Bounds Write Vulnerability
CVE-2024-20132
- December 02, 2024
In Modem, there is a possible out of bonds write due to a mission bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00957388; Issue ID: MSV-1872.
Modem Privilege Escalation Vulnerability due to Incorrect Bounds Check
CVE-2024-20133
- December 02, 2024
In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1871.
Memory Corruption
Modem Privilege Escalation Vulnerability due to Incorrect Bounds Check
CVE-2024-20131
- December 02, 2024
In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1873.
Memory Corruption
Memory corruption in Modem component enables RCE
CVE-2024-20082
- August 14, 2024
In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ID: MSV-1529.
Buffer Overflow
Windows Modem Driver Remote DoS via Input Validation (CVE-2024-20068)
CVE-2024-20068
- June 03, 2024
In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01270721; Issue ID: MSV-1479.
Memory Corruption
MS Adversarial Remote DoS via Modem OOBW
CVE-2024-20067
- June 03, 2024
In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issue ID: MSV-1462.
Remote Info Disclosure via Weak Crypto in Modem Firmware
CVE-2024-20070
- June 03, 2024
In modem, there is a possible information disclosure due to using risky cryptographic algorithm during connection establishment negotiation. This could lead to remote information disclosure, when weak encryption algorithm is used, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00942482; Issue ID: MSV-1469.
Use of a Broken or Risky Cryptographic Algorithm
Windows Modem Driver OOB Write Remote DoS
CVE-2024-20066
7.5 - High
- June 03, 2024
In modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is no needed for exploitation. Patch ID: MOLY01267281; Issue ID: MSV-1477.
Memory Corruption
Modem Firmware OOB Write Enables Remote RCE
CVE-2024-20039
- April 01, 2024
In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01240012; Issue ID: MSV-1215.
Out-of-Bounds Write in Modem IMS Stack Enables Remote Code Execution
CVE-2023-32874
9.8 - Critical
- January 02, 2024
In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893).
Memory Corruption
CVE-2023-32888: OOB Write in Modem IMS Call UA Enables Remote DoS
CVE-2023-32888
7.5 - High
- January 02, 2024
In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894).
Memory Corruption
Out-of-Bounds Write in Modem IMS SMS UA Causing Remote DoS
CVE-2023-32886
7.5 - High
- January 02, 2024
In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807.
Memory Corruption
Remote DoS via Bounds Check in Modem IMS Stack
CVE-2023-32887
7.5 - High
- January 02, 2024
In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892).
Buffer Overflow
Windows Bluetooth Service OOB Write Local Priv Escalation
CVE-2023-32891
6.7 - Medium
- January 02, 2024
In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559.
Memory Corruption
5G Modem RRC Malformat Causing Remote DoS
CVE-2023-32843
7.5 - High
- December 04, 2023
In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01130204; Issue ID: MOLY01130204 (MSV-849).
assertion failure
Out-of-Bounds Write in CCCI Modem Enables Local Priv Escalation
CVE-2023-32840
6.5 - Medium
- November 06, 2023
In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).
Memory Corruption
5G NR RLC DoS via Invalid SDU Handling
CVE-2023-20702
7.5 - High
- November 06, 2023
In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.
Out-of-Bounds Write in CDMA PPP: Remote Privilege Escalation
CVE-2023-20819
9.8 - Critical
- October 02, 2023
In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID: ALPS08010003.
Memory Corruption
4G Modem RRC DoS via invalid SIB12 input validation
CVE-2022-26446
7.5 - High
- November 08, 2022
In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118.
assertion failure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for MediaTek Nr16 or by MediaTek? Click the Watch button to subscribe.
