Vulnerability Description
In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediatek | Mt6765 Firmware | - |
| Mediatek | Mt6765 | - |
| Mediatek | Mt6768 Firmware | - |
| Mediatek | Mt6768 | - |
| Mediatek | Mt6789 Firmware | - |
| Mediatek | Mt6789 | - |
| Mediatek | Mt6877 Firmware | - |
| Mediatek | Mt6877 | - |
| Mediatek | Mt6897 Firmware | - |
| Mediatek | Mt6897 | - |
| Mediatek | Mt6899 Firmware | - |
| Mediatek | Mt6899 | - |
| Mediatek | Mt6989 Firmware | - |
| Mediatek | Mt6989 | - |
| Mediatek | Mt6991 Firmware | - |
| Mediatek | Mt6991 | - |
| Mediatek | Mt6993 Firmware | - |
| Mediatek | Mt6993 | - |
| Mediatek | Mt8367 Firmware | - |
| Mediatek | Mt8367 | - |
Related Weaknesses (CWE)
References
- https://corp.mediatek.com/product-security-bulletin/May-2026Vendor Advisory
FAQ
What is CVE-2026-20448?
CVE-2026-20448 is a vulnerability with a CVSS score of 6.7 (MEDIUM). In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privi...
How severe is CVE-2026-20448?
CVE-2026-20448 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-20448?
Check the references section above for vendor advisories and patch information. Affected products include: Mediatek Mt6765 Firmware, Mediatek Mt6765, Mediatek Mt6768 Firmware, Mediatek Mt6768, Mediatek Mt6789 Firmware.