CVE Catalog

CVE-2026-0154

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile - higher than 13% of all known CVEs

Summary

In the modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed.

Risk Assessment

This vulnerability poses a risk of remote code execution, which could lead to device takeover without user interaction.

Recommendation

It is recommended to update the modem firmware to the latest version to mitigate the risk associated with this vulnerability.

Original NVD description (English source)

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS