CVE-2026-20419 — Improper Check for Unusual or Exceptional Conditions in Nbiot SDK

CWE-754 — Improper Check for Unusual or Exceptional Conditions3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 97.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediatek Nbiot SDK Mediatek Software Development KIT Mediatek INC Mediatek Chipset +1 more

Timeline

PublishedFeb 2

Description

In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00461663 / WCNCR00463309; Issue ID: MSV-4852.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDmediatek/nbiot_sdk3.6

▶NVDmediatek/software_development_kit7.6.7.2

▶NVDopenwrt/openwrt19.07.0, 21.02.0+1

▶CVEListV5mediatek_inc/mediatek_chipset25 versions+24

🔴Vulnerability Details

CVEList

CVE-2026-20419: In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception↗2026-02-02

▶

GHSA

GHSA-4q2v-rcwc-rv6w: In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception↗2026-02-02

▶