CVE-2026-20452
Description
Heap buffer overflow in MediaTek wlan AP driver allows adjacent remote code execution with user privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A heap buffer overflow (CWE-122) exists in the wlan AP driver of multiple MediaTek chipsets, including MT6890, MT7615, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, and MT7993 [1]. The vulnerability is triggered when processing crafted wireless frames, leading to memory corruption. The driver runs with user execution privileges, and no user interaction is required for exploitation. The issue is identified as MSV-6295 with patch ID WCNCR00480138.
Exploitation
An attacker within wireless range (adjacent network) can send a specially crafted frame to the target device's wlan AP driver. No authentication or user interaction is needed. The heap overflow occurs during frame processing, corrupting adjacent memory.
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the wlan AP driver, which operates with user privileges. This can lead to memory corruption, information disclosure, and potential further compromise of the device.
Mitigation
MediaTek has released a security patch (WCNCR00480138) to device OEMs, who are responsible for distributing firmware updates. Affected chipsets are listed in the June 2026 Product Security Bulletin [1]. Users should apply updates from their device manufacturer as soon as available. No workarounds are documented, and no active exploitation has been reported as of the bulletin date.
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions (1)
- MediaTek: Four CVEs Disclosed — Three GenieZone TEE Bugs and a WLAN Driver Overflow (Vypr Intelligence · Jun 1, 2026)