Volerion logoVolerion
Volerion logoVolerion

MediaTek Modem Out-of-Bounds Write Vulnerability Leading to Remote Code Execution

Vulnerability

A remote code execution vulnerability has been identified in the MediaTek Modem due to a possible out-of-bounds write. This issue arises from a missing bounds check, allowing exploitation if a user equipment (UE) connects to a rogue base station controlled by an attacker. Notably, no additional execution privileges are required for this exploitation, and user interaction is not needed.

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution on the affected device.

Remediation

MediaTek has issued a patch for this vulnerability, identified by Patch ID MOLY01289384. Device OEMs can contact their MediaTek representative for further information.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
7.5
exploitability
4.7
remediation
0.0
relevance
0.0
threat
0.1
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.