Vulnerability Description
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openwrt | Openwrt | 19.07.0 |
| Mediatek | Mt6890 | - |
| Mediatek | Mt6990 | - |
| Mediatek | Software Development Kit | <= 7.6.7.2 |
| Mediatek | Mt7915 | - |
| Mediatek | Mt7916 | - |
| Mediatek | Mt7981 | - |
| Mediatek | Mt7986 | - |
| Mediatek | Mt7990 | - |
| Mediatek | Mt7992 | - |
| Mediatek | Mt7993 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-20674?
CVE-2025-20674 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges neede...
How severe is CVE-2025-20674?
CVE-2025-20674 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-20674?
Check the references section above for vendor advisories and patch information. Affected products include: Openwrt Openwrt, Mediatek Mt6890, Mediatek Mt6990, Mediatek Software Development Kit, Mediatek Mt7915.