In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416939; Issue ID: MSV-3422.
The WLAN AP (Access Point) driver contains an incorrect bounds check, which leads to writing outside the allocated memory area (out of bounds write — CWE-787). An attacker with regular user privileges (User execution privileges) can trigger this vulnerability without requiring victim interaction. The result is the possibility of local privilege escalation on the vulnerable device.
An attacker can obtain higher system privileges than they are entitled to, which in practice may mean full control over the vulnerable device, including access to sensitive data, system modification, and disruption of its operation.
Apply patch with identifier WCNCR00416939 (Issue ID: MSV-3422) according to the MediaTek security bulletin guidelines from July 2025, available at https://corp.mediatek.com/product-security-bulletin/July-2025. OEM device manufacturers using the mentioned chipsets should immediately implement the firmware update.
Devices equipped with MediaTek MT7615, MT7622, MT7663 chipsets and products using MediaTek Software Development Kit (SDK) with the vulnerable WLAN AP driver — specific versions indicated in manufacturer references (MediaTek security bulletin, July 2025).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMediatek Mt7615
HWMediatekwszystkie wersjeMediatek Mt7622
HWMediatekwszystkie wersjeMediatek Mt7663
HWMediatekwszystkie wersjeMediatek Software Development Kit
APPMediatek≤ 5.1.0.0
Related vulnerabilities
Out of bounds write w sterowniku wlan AP — eskalacja uprawnień na układach MediaTek
Out-of-bounds write w sterowniku WLAN AP MediaTek – privilege escalation
Out-of-bounds write w sterowniku WLAN AP MediaTek — privilege escalation
Brak weryfikacji uprawnień w sterowniku WLAN AP MediaTek — zdalne eskalowanie przywilejów
RCE w usłudze WLAN MediaTek — błędne sprawdzenie granic zapisu (out of bounds write)