CVE-2025-20674 | THREATINT

Description

In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.

PUBLISHED Reserved 2024-11-01 | Published 2025-06-02 | Updated 2026-02-26 | Assigner MediaTek

Problem types

CWE-863 Incorrect Authorization

Product status

SDK release 7.6.7.2 and before / OpenWrt 19.07, 21.02 (MT6890) / OpenWrt 21.02, 23.05 (MT6990)

affected

References

corp.mediatek.com/product-security-bulletin/June-2025

cve.org (CVE-2025-20674)

nvd.nist.gov (CVE-2025-20674)

Download JSON