CVE-2026-20421 – This vulnerability allows remote attackers to c... (How to Fix)

Q: What is the severity of CVE-2026-20421?

CVE-2026-20421 has a CVSS score of 7.5 (HIGH). This vulnerability allows remote attackers to cause a system crash (denial of service) in affected modem devices by connecting to a rogue base station. It affects devices using MediaTek modems with improper input validation. No user interaction or special privileges are required for exploitation.

📋 TL;DR

This vulnerability allows remote attackers to cause a system crash (denial of service) in affected modem devices by connecting to a rogue base station. It affects devices using MediaTek modems with improper input validation. No user interaction or special privileges are required for exploitation.

💻 Affected Systems

Products:

MediaTek modem chipsets

Versions: Specific versions not specified in bulletin; all versions before patch MOLY01738293 are likely affected.

Operating Systems: Android and other OS using MediaTek modems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with MediaTek modems when connected to cellular networks. Exact device models not specified in available information.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete modem/system crash requiring device reboot, potentially disrupting all cellular connectivity and dependent services.

🟠

Likely Case

Temporary denial of service affecting cellular connectivity until device reboots or reconnects to legitimate base station.

🟢

If Mitigated

No impact if patched or if device cannot connect to rogue base stations due to network controls.

🌐 Internet-Facing: HIGH - Attack can be performed remotely via rogue base station without authentication.

🏢 Internal Only: LOW - Requires proximity to deploy rogue base station, not typically an internal network threat.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires attacker to operate rogue base station in proximity to target, but no authentication or user interaction needed once device connects.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patch ID: MOLY01738293

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/February-2026

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply MediaTek patch MOLY01738293. 3. Reboot device after update.

🔧 Temporary Workarounds

Disable automatic network selection

android

Manually select trusted network operators to prevent automatic connection to rogue base stations.

Settings > Network & Internet > Mobile network > Network operators > Choose manually

Enable airplane mode in untrusted areas

android

Temporarily disable cellular radio when in locations where rogue base stations might operate.

Settings > Network & Internet > Airplane mode

🧯 If You Can't Patch

Implement network monitoring for unusual base station connections
Restrict device usage in high-risk areas where rogue base stations could operate

🔍 How to Verify

Check if Vulnerable:

Check modem firmware version against patch bulletin; if patch MOLY01738293 is not applied, device is vulnerable.

Check Version:

adb shell getprop | grep gsm.version.baseband (for Android devices)

Verify Fix Applied:

Verify patch MOLY01738293 is installed in modem firmware version information.

📡 Detection & Monitoring

Log Indicators:

Modem crash logs
Unexpected base station ID changes
Frequent cellular disconnections

Network Indicators:

Devices connecting to base stations with unusual IDs or locations
Sudden loss of cellular connectivity patterns

SIEM Query:

source="modem_logs" AND (event="crash" OR event="disconnect") AND base_station_id NOT IN trusted_list

📊 Metadata

CVE ID: CVE-2026-20421

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-125

Published: February 2, 2026

Last Updated: February 4, 2026

🤖 AI-assisted analysis, reviewed for accuracy

🔗 References

https://corp.mediatek.com/product-security-bulletin/February-2026 Vendor Advisory