CVE-2025-20674

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-20674
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.
CVSS

No CVSS.

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/June-2025 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7992:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7993:-:*:*:*:*:*:*:*
History

18 Jul 2025, 17:16

Type Values Removed Values Added
CPE cpe:2.3:o:mediatek:mt7993_firmware:7.6.7.2:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7986_firmware:7.6.7.2:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7990_firmware:7.6.7.2:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7915_firmware:7.6.7.2:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7992_firmware:7.6.7.2:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7981_firmware:7.6.7.2:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7916_firmware:7.6.7.2:*:*:*:*:*:*:*		 cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
First Time Mediatek software Development Kit

02 Jul 2025, 15:39

Type Values Removed Values Added
CPE cpe:2.3:o:mediatek:mt7993_firmware:7.6.7.2:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7992:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7981_firmware:7.6.7.2:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7916_firmware:7.6.7.2:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7993:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7986_firmware:7.6.7.2:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7990_firmware:7.6.7.2:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7915_firmware:7.6.7.2:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:mt7992_firmware:7.6.7.2:*:*:*:*:*:*:*
References () https://corp.mediatek.com/product-security-bulletin/June-2025 - () https://corp.mediatek.com/product-security-bulletin/June-2025 - Vendor Advisory
First Time Mediatek mt7915 Firmware
Mediatek mt7986 Firmware
Mediatek mt6890
Mediatek mt7981 Firmware
Mediatek mt7992
Mediatek mt6990
Mediatek mt7992 Firmware
Mediatek mt7981
Mediatek mt7990
Mediatek mt7915
Mediatek mt7993 Firmware
Mediatek
Mediatek mt7993
Mediatek mt7986
Openwrt openwrt
Mediatek mt7916
Openwrt
Mediatek mt7916 Firmware
Mediatek mt7990 Firmware

02 Jun 2025, 16:15

Type Values Removed Values Added
CWE CWE-863

02 Jun 2025, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-02 03:15

Updated : 2025-07-18 17:16

NVD link : CVE-2025-20674

Mitre link : CVE-2025-20674

JSON object : View

Products Affected

mediatek

  • mt7916
  • mt6890
  • mt7990
  • mt7986
  • software_development_kit
  • mt7992
  • mt7993
  • mt7981
  • mt7915
  • mt6990

openwrt

  • openwrt
CWE

No CWE.