CRITICAL🇵🇱 Wersja polska

CVE-2025-20654

CVSS 9.8v3.1pub. 2025-04-07upd. 2025-04-09

In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406897; Issue ID: MSV-2875.

🤖 AI Analysis
How it works

The WLAN service module contains an incorrect bounds check, which leads to writing outside the allocated memory area (out of bounds write, CWE-787). This error can be exploited remotely over the network without the need to possess any privileges on the target device. The attack does not require user interaction, which significantly lowers the threshold for its execution.

Impact

An attacker can obtain full remote code execution on a vulnerable device without additional privileges, which may result in complete device takeover, breach of confidentiality, integrity, and system availability.

Mitigation & patch

Apply patches available from the manufacturer in accordance with the references: https://corp.mediatek.com/product-security-bulletin/April-2025 (Patch ID: WCNCR00406897). It is recommended to urgently implement firmware updates or SDKs provided by MediaTek and OEM device manufacturers.

Who is affected

Devices equipped with MediaTek MT7915, MT7916, MT7981 chips and OpenWrt environment using MediaTek Software Development Kit — versions indicated in the manufacturer's references (Patch ID: WCNCR00406897, Issue ID: MSV-2875)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mediatek Mt6890

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7622

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7915

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7916

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7981

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7986

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Software Development Kit

    APP
    Mediatek
    ≤ 7.4.0.1≤ 7.6.7.0
  • Openwrt

    OS
    Openwrt
    19.07.021.02.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-30872CRITICAL9.5PL ✓ten sam produkt

Stack-based Buffer Overflow w mdns daemon OpenWrt — możliwy RCE

CVE-2026-30871CRITICAL9.5PL ✓ten sam produkt

Stack-based Buffer Overflow w demonie mdns OpenWrt — przepełnienie stosu przez PTR query

CVE-2025-20682CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds write w sterowniku WLAN AP MediaTek — privilege escalation

CVE-2025-20683CRITICAL9.8PL ✓ten sam produkt

Out of bounds write w sterowniku wlan AP — eskalacja uprawnień na układach MediaTek

CVE-2025-20681CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds write w sterowniku WLAN AP MediaTek – privilege escalation