In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406897; Issue ID: MSV-2875.
The WLAN service module contains an incorrect bounds check, which leads to writing outside the allocated memory area (out of bounds write, CWE-787). This error can be exploited remotely over the network without the need to possess any privileges on the target device. The attack does not require user interaction, which significantly lowers the threshold for its execution.
An attacker can obtain full remote code execution on a vulnerable device without additional privileges, which may result in complete device takeover, breach of confidentiality, integrity, and system availability.
Apply patches available from the manufacturer in accordance with the references: https://corp.mediatek.com/product-security-bulletin/April-2025 (Patch ID: WCNCR00406897). It is recommended to urgently implement firmware updates or SDKs provided by MediaTek and OEM device manufacturers.
Devices equipped with MediaTek MT7915, MT7916, MT7981 chips and OpenWrt environment using MediaTek Software Development Kit — versions indicated in the manufacturer's references (Patch ID: WCNCR00406897, Issue ID: MSV-2875)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMediatek Mt6890
HWMediatekwszystkie wersjeMediatek Mt7622
HWMediatekwszystkie wersjeMediatek Mt7915
HWMediatekwszystkie wersjeMediatek Mt7916
HWMediatekwszystkie wersjeMediatek Mt7981
HWMediatekwszystkie wersjeMediatek Mt7986
HWMediatekwszystkie wersjeMediatek Software Development Kit
APPMediatek≤ 7.4.0.1≤ 7.6.7.0Openwrt
OSOpenwrt19.07.021.02.0
Related vulnerabilities
Stack-based Buffer Overflow w mdns daemon OpenWrt — możliwy RCE
Stack-based Buffer Overflow w demonie mdns OpenWrt — przepełnienie stosu przez PTR query
Out-of-bounds write w sterowniku WLAN AP MediaTek — privilege escalation
Out of bounds write w sterowniku wlan AP — eskalacja uprawnień na układach MediaTek
Out-of-bounds write w sterowniku WLAN AP MediaTek – privilege escalation