CVE-2025-20674

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions The product name cannot be determined.

Description A missing permission check in the wlan AP driver allows for the injection of arbitrary packets, potentially leading to remote escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BDU:2025-06487

CVE-2025-20674

Affected Products

Mt6890

Mt7915

Mt7916

Mt7981

Mt7986

Mt7990

Mt7992

Mt7993

Openwrt

Mt7915 Firmware

Mt7916 Firmware

Mt7981 Firmware

Mt7986 Firmware

Mt7990 Firmware

Mt7992 Firmware

Mt7993 Firmware

Software Development Kit

CVE-2025-20674

Weakness Enumeration

Related Identifiers

Affected Products

References · 12