Volerion logoVolerion
Volerion logoVolerion

MediaTek Modem Out-of-Bounds Read Vulnerability Leading to Remote Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the MediaTek Modem component, specifically in chipsets MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8796, MT8797, MT8798, MT8863. The vulnerability arises from improper input validation, which can lead to a system crash. This issue could be exploited remotely to cause a denial-of-service condition, particularly if a user equipment (UE) is connected to a rogue base station controlled by the attacker. Notably, no additional execution privileges are required for exploitation, and user interaction is not needed.

Impact

Exploitation of this vulnerability can cause a system crash, leading to a remote denial-of-service condition.

Remediation

MediaTek has released a patch for this vulnerability, identified by Patch ID MOLY01519028. Device OEMs can contact their MediaTek representative for further information.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
8.4
impact
2.5
exploitability
4.7
remediation
0.0
relevance
0.0
threat
0.0
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.