Volerion logoVolerion
Volerion logoVolerion

MediaTek Modem Out-of-Bounds Write Vulnerability Allowing Remote Privilege Escalation

Vulnerability

A vulnerability in the MediaTek modem software, specifically in versions NR17 and NR17R, has been identified, allowing for a possible out-of-bounds write. This issue arises from a missing bounds check, which could lead to remote privilege escalation. The vulnerability requires user interaction for exploitation and could be triggered if a user equipment (UE) device connects to a rogue base station controlled by an attacker.

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation on the affected device.

Remediation

MediaTek has issued a patch for this vulnerability, which can be applied by device manufacturers. Instructions for applying the patch can be obtained from MediaTek contacts.

Added: Sep 1, 2025, 6:25 AM
Updated: Sep 1, 2025, 6:25 AM

Vulnerability Rating

Custom Algorithm
spread
8.4
impact
7.5
exploitability
4.4
remediation
0.0
relevance
0.5
threat
0.0
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.