CRITICAL🇵🇱 Wersja polska

CVE-2025-20681

CVSS 9.8v3.1pub. 2025-07-08upd. 2025-07-09

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416936; Issue ID: MSV-3446.

🤖 AI Analysis
How it works

The vulnerability consists of improper boundary validation during data writing in the wlan AP driver, corresponding to CWE-787 class (out-of-bounds write). An attacker with regular user privileges (User execution privileges) can cause data to be written outside the intended memory area. The exploit requires no victim interaction, lowering the barrier to exploitation.

Impact

Successful exploitation of this vulnerability allows an attacker to perform local privilege escalation, potentially leading to complete device takeover, including violation of system confidentiality, integrity, and availability.

Mitigation & patch

Patches available from the manufacturer should be applied according to references: https://corp.mediatek.com/product-security-bulletin/July-2025 (Patch ID: WCNCR00416936). Administrators of devices based on OpenWrt with MediaTek chipsets should monitor distribution updates and deploy patched software versions as soon as possible.

Who is affected

MediaTek chipsets MT7915, MT7615, MT7622 and MediaTek Software Development Kit (SDK); OpenWrt platform using the mentioned chipsets. Detailed software versions are indicated in the manufacturer's references (Patch ID: WCNCR00416936; Issue ID: MSV-3446).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mediatek Mt6890

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7615

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7622

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7663

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7915

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Software Development Kit

    APP
    Mediatek
    ≤ 5.1.0.0
  • Openwrt

    OS
    Openwrt
    19.07.021.02.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-30872CRITICAL9.5PL ✓ten sam produkt

Stack-based Buffer Overflow w mdns daemon OpenWrt — możliwy RCE

CVE-2026-30871CRITICAL9.5PL ✓ten sam produkt

Stack-based Buffer Overflow w demonie mdns OpenWrt — przepełnienie stosu przez PTR query

CVE-2025-20682CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds write w sterowniku WLAN AP MediaTek — privilege escalation

CVE-2025-20683CRITICAL9.8PL ✓ten sam produkt

Out of bounds write w sterowniku wlan AP — eskalacja uprawnień na układach MediaTek

CVE-2025-20684CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds write w sterowniku WLAN AP MediaTek — privilege escalation