CVE-2025-20646

CRITICAL

9.8

Descricao

In wlan AP FW, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389074; Issue ID: MSV-1803.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado3/3/2025

Ultima modificacao4/22/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

mediatek:mt6890mediatek:mt7915mediatek:mt7916mediatek:mt7981mediatek:mt7986mediatek:software_development_kit

Fraquezas (CWE)

CWE-787CWE-787

Referencias

https://corp.mediatek.com/product-security-bulletin/March-2025(security@mediatek.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.