In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406897; Issue ID: MSV-2875.
References
Link | Resource |
---|---|
https://corp.mediatek.com/product-security-bulletin/April-2025 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
09 Apr 2025, 15:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://corp.mediatek.com/product-security-bulletin/April-2025 - Vendor Advisory | |
CPE | cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:* cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:* cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:* cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:* cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:* |
|
First Time |
Mediatek mt7986
Mediatek mt7915 Mediatek Mediatek software Development Kit Mediatek mt7622 Mediatek mt6890 Mediatek mt7916 Openwrt openwrt Mediatek mt7981 Openwrt |
07 Apr 2025, 14:17
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
07 Apr 2025, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-04-07 04:15
Updated : 2025-04-09 15:46
NVD link : CVE-2025-20654
Mitre link : CVE-2025-20654
CVE.ORG link : CVE-2025-20654
JSON object : View
Products Affected
mediatek
- mt7915
- mt7986
- mt6890
- mt7916
- mt7622
- mt7981
- software_development_kit
openwrt
- openwrt
CWE
CWE-787
Out-of-bounds Write