PT-2025-23450 · Mediatek +2 · Mt6890 +16

Published

2025-06-01

Updated

2025-07-18

CVE-2025-20674

Report an issue

CVSS v2.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:

The product name cannot be determined.

Description:

A missing permission check in the wlan AP driver allows for the injection of arbitrary packets, potentially leading to remote escalation of privilege without requiring additional execution privileges. User interaction is not necessary for exploitation.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Incorrect Authorization

Weakness Enumeration

CWE-863

Related Identifiers

BDU:2025-06487

CVE-2025-20674

Affected Products

Mt6890

Mt7915

Mt7916

Mt7981

Mt7986

Mt7990

Mt7992

Mt7993

Openwrt

Mt7915 Firmware

Mt7916 Firmware

Mt7981 Firmware

Mt7986 Firmware

Mt7990 Firmware

Mt7992 Firmware

Mt7993 Firmware

Software Development Kit

PT-2025-23450 · Mediatek +2 · Mt6890 +16

Weakness Enumeration

Related Identifiers

Affected Products

References · 11