CVE-2026-20404

MEDIUM

MediaTek Modem - Input Validation Denial of Service

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-20404. PoCs published by XiaomingX, George0Papasotiriou.

AI-analyzed exploit summary This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The PoC includes data extraction logic for admin credentials and is well-documented with clear usage instructions.

Description

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689248; Issue ID: MSV-4837.

Exploits (2)

github WORKING POC 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-20404

View Code ZIP pw:eip

This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042), demonstrating time-based blind SQLi via crafted HTTP headers. The PoC includes data extraction logic for admin credentials and is well-documented with clear usage instructions.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: WordPress Quiz Maker <= 6.7.0.56

No auth needed

Prerequisites: target WordPress URL · path to quiz page · vulnerable header (default: X-Forwarded-For)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec SCANNER 1 stars

by George0Papasotiriou · poc

https://github.com/George0Papasotiriou/CVE-2026-20404-MediaTek-modem-remote-DoS-rogue-base-station-scenario-

View Code ZIP pw:eip

The repository provides a scanner script to check for the presence of CVE-2026-20404, a MediaTek modem remote DoS vulnerability caused by improper input validation leading to an out-of-bounds write. The script identifies affected chipsets and confirms patch levels.

Classification

Scanner 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: MediaTek modem firmware (various chipsets including MT67xx, MT27xx, and others)

No auth needed

Prerequisites: Access to a device with a vulnerable MediaTek modem · Rogue base station controlled by the attacker

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory

https://corp.mediatek.com/product-security-bulletin/February-2026

Scores

CVSS v3 6.5

EPSS 0.0046

EPSS Percentile 36.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-787

Status published

Products (50)

mediatek/nr15

mediatek/nr16

mediatek/nr17

mediatek/nr17r

MediaTek, Inc./MediaTek chipset MT2735

MediaTek, Inc./MediaTek chipset MT2737

MediaTek, Inc./MediaTek chipset MT6813

MediaTek, Inc./MediaTek chipset MT6815

MediaTek, Inc./MediaTek chipset MT6833

MediaTek, Inc./MediaTek chipset MT6835

... and 40 more

Published Feb 02, 2026

Tracked Since Feb 18, 2026