CRITICAL🇵🇱 Wersja polska

CVE-2025-20674

CVSS 9.8v3.1pub. 2025-06-02upd. 2025-07-18

In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.

🤖 AI Analysis
How it works

The vulnerability results from omission of required authorization verification in the WLAN access point driver (wlan AP driver). A network attacker, without needing any privileges on the device, can craft and inject arbitrary network packets. The attack requires no user interaction, and its vector is fully remote (AV:N, AC:L, PR:N, UI:N), making it particularly dangerous.

Impact

An attacker can remotely perform privilege escalation — obtain elevated privileges on the vulnerable device without requiring prior access, threatening complete system takeover (violation of confidentiality, integrity, and availability).

Mitigation & patch

Apply patch with identifier WCNCR00413202 (Issue ID: MSV-3303) available in the MediaTek security bulletin from June 2025 according to references: https://corp.mediatek.com/product-security-bulletin/June-2025

Who is affected

Devices equipped with MediaTek chips MT7915, MT7916, MT6990, MT7981 and OpenWrt systems running on these platforms — specific firmware versions indicated in manufacturer references (MediaTek security bulletin, June 2025).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mediatek Mt6890

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt6990

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7915

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7916

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7981

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7986

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7990

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7992

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7993

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Software Development Kit

    APP
    Mediatek
    ≤ 7.6.7.2
  • Openwrt

    OS
    Openwrt
    19.07.021.02.023.05
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-30872CRITICAL9.5PL ✓ten sam produkt

Stack-based Buffer Overflow w mdns daemon OpenWrt — możliwy RCE

CVE-2026-30871CRITICAL9.5PL ✓ten sam produkt

Stack-based Buffer Overflow w demonie mdns OpenWrt — przepełnienie stosu przez PTR query

CVE-2025-20681CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds write w sterowniku WLAN AP MediaTek – privilege escalation

CVE-2025-20682CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds write w sterowniku WLAN AP MediaTek — privilege escalation

CVE-2025-20683CRITICAL9.8PL ✓ten sam produkt

Out of bounds write w sterowniku wlan AP — eskalacja uprawnień na układach MediaTek