CRITICAL🇵🇱 Wersja polska

CVE-2025-20682

CVSS 9.8v3.1pub. 2025-07-08upd. 2025-07-09

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416937; Issue ID: MSV-3445.

🤖 AI Analysis
How it works

The error results from incorrect bounds checking in the wlan AP driver. An attacker with regular user privileges can cause data to be written outside the designated memory area (CWE-787 — out of bounds write). Exploiting the vulnerability does not require any interaction from another user. The manufacturer's patch identifier is WCNCR00416937, problem number MSV-3445.

Impact

An attacker can obtain elevated system privileges on the vulnerable device, which may consequently lead to full system takeover (privilege escalation).

Mitigation & patch

Apply patches available from the manufacturer according to references (Patch ID: WCNCR00416937). Detailed update instructions available in MediaTek security bulletin from July 2025: https://corp.mediatek.com/product-security-bulletin/July-2025

Who is affected

Devices with MediaTek MT7915, MT7916, MT7615, MT7981 chipsets and OpenWrt on these platforms — specific firmware versions indicated in manufacturer's references (MediaTek security bulletin, July 2025)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mediatek Mt6890

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7615

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7622

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7663

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7915

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7916

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7981

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7986

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Software Development Kit

    APP
    Mediatek
    ≤ 7.6.7.2
  • Openwrt

    OS
    Openwrt
    19.07.021.02.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-30872CRITICAL9.5PL ✓ten sam produkt

Stack-based Buffer Overflow w mdns daemon OpenWrt — możliwy RCE

CVE-2026-30871CRITICAL9.5PL ✓ten sam produkt

Stack-based Buffer Overflow w demonie mdns OpenWrt — przepełnienie stosu przez PTR query

CVE-2025-20681CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds write w sterowniku WLAN AP MediaTek – privilege escalation

CVE-2025-20683CRITICAL9.8PL ✓ten sam produkt

Out of bounds write w sterowniku wlan AP — eskalacja uprawnień na układach MediaTek

CVE-2025-20684CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds write w sterowniku WLAN AP MediaTek — privilege escalation