MediaTek WLAN FW heap overflow remote privilege escalation
CVE-2026-20408 Published on February 2, 2026

In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461651; Issue ID: MSV-4758.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Affected Versions

MediaTek, Inc. MT6890, MT7615, MT7915, MT7916, MT7981, MT7986 Version SDK release 7.6.7.2 and before / openWRT 19.07, 21.02, 23.05 is affected by CVE-2026-20408

Exploit Probability

EPSS

0.01%

Percentile

0.39%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

MediaTek WLAN FW heap overflow remote privilege escalationCVE-2026-20408 Published on February 2, 2026

Vulnerability Analysis

Weakness Type

Heap-based Buffer Overflow

Affected Versions

Exploit Probability

MediaTek WLAN FW heap overflow remote privilege escalation
CVE-2026-20408 Published on February 2, 2026