CVE-2025-20674
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.
| CWE | CWE-863 |
| Vendor | mediatek, inc. |
| Product | mt6890, mt6990, mt7915, mt7916, mt7981, mt7986, mt7990, mt7992, mt7993 |
| Published | Jun 2, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for mediatek, inc. mt6890, mt6990, mt7915, mt7916, mt7981, mt7986, mt7990, mt7992, mt7993
Be the first to know when new critical vulnerabilities affecting mediatek, inc. mt6890, mt6990, mt7915, mt7916, mt7981, mt7986, mt7990, mt7992, mt7993 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
MediaTek, Inc. / MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993
SDK release 7.6.7.2 and before / OpenWrt 19.07, 21.02 (MT6890) / OpenWrt 21.02, 23.05 (MT6990)