In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416936; Issue ID: MSV-3446.
The vulnerability consists of improper boundary validation during data writing in the wlan AP driver, corresponding to CWE-787 class (out-of-bounds write). An attacker with regular user privileges (User execution privileges) can cause data to be written outside the intended memory area. The exploit requires no victim interaction, lowering the barrier to exploitation.
Successful exploitation of this vulnerability allows an attacker to perform local privilege escalation, potentially leading to complete device takeover, including violation of system confidentiality, integrity, and availability.
Patches available from the manufacturer should be applied according to references: https://corp.mediatek.com/product-security-bulletin/July-2025 (Patch ID: WCNCR00416936). Administrators of devices based on OpenWrt with MediaTek chipsets should monitor distribution updates and deploy patched software versions as soon as possible.
MediaTek chipsets MT7915, MT7615, MT7622 and MediaTek Software Development Kit (SDK); OpenWrt platform using the mentioned chipsets. Detailed software versions are indicated in the manufacturer's references (Patch ID: WCNCR00416936; Issue ID: MSV-3446).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMediatek Mt6890
HWMediatekwszystkie wersjeMediatek Mt7615
HWMediatekwszystkie wersjeMediatek Mt7622
HWMediatekwszystkie wersjeMediatek Mt7663
HWMediatekwszystkie wersjeMediatek Mt7915
HWMediatekwszystkie wersjeMediatek Software Development Kit
APPMediatek≤ 5.1.0.0Openwrt
OSOpenwrt19.07.021.02.0
Related vulnerabilities
Stack-based Buffer Overflow w mdns daemon OpenWrt — możliwy RCE
Stack-based Buffer Overflow w demonie mdns OpenWrt — przepełnienie stosu przez PTR query
Out-of-bounds write w sterowniku WLAN AP MediaTek — privilege escalation
Out of bounds write w sterowniku wlan AP — eskalacja uprawnień na układach MediaTek
Out-of-bounds write w sterowniku WLAN AP MediaTek — privilege escalation