CVE-2023-20689
Description
An integer overflow in MediaTek wlan firmware allows remote denial of service without user interaction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An integer overflow in MediaTek wlan firmware allows remote denial of service without user interaction.
Vulnerability
An integer overflow vulnerability exists in the wlan firmware of MediaTek chipsets (including MT6580, MT6761, MT6765, MT6781, MT6833, and others listed in the July 2023 security bulletin [1]). The overflow occurs during processing of network packets, leading to a system crash without requiring physical access [1]. Affected versions are those released before the patch with ID ALPS07664741.
Exploitation
An attacker can exploit this issue remotely by sending specially crafted packets to the target device's wlan firmware [1]. No user interaction or additional execution privileges are needed; the attack only requires the target to be reachable over Wi-Fi.
Impact
Successful exploitation triggers a denial of service (DoS) via system crash [1]. The attack does not lead to gain of privileges or data disclosure, but it can render the device unusable until a reboot.
Mitigation
MediaTek has released a patch (ALPS07664741) included in the July 2023 Product Security Bulletin [1]. Device OEMs were notified at least two months before publication. Users should apply firmware updates from their device manufacturer as they become available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- MediaTek, Inc./MT6739, MT8167, MT8321, MT8365, MT8385, MT8666, MT8765, MT8788v5Range: Android 11.0 / IOT-v23.0 (Yocto 4.0)
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.