Vulnerability Report

CVE-2026-20452

Title: RCE via Heap Buffer Overflow in WLAN AP Driver

Memory Corruption

Proof Of Concept

PoC Available for CVE-2026-20452

CWE Category CWE-122

Published Date Jun 01, 2026

Modified Date Jun 01, 2026

Exploit Status Available

Score 8.0 CVSS v

Exploit Probability (EPSS)

0.23%

Vulnerability Summary

CVE-2026-20452: In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID: MSV-6295.

Impacted Vendors

mediatek 9

Reference Links

https://corp.mediatek.com/product-security-bulletin/June-2026

CVSS v3.1

Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0

Severity HIGH

8.0

Attack Vector

ADJACENT_NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-20452 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/Hunt-Benito/mediatek-wlan-heap-overflow-cve-2026-20452-filogic-router-rce

View Code

June 01, 2026 MODIFIED

Vulnerability data updated via NVD.

June 01, 2026 MODIFIED

Vulnerability data updated via NVD.

June 01, 2026 MODIFIED

Vulnerability data updated via NVD.

June 01, 2026 MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector ADJACENT_NETWORK

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.