PT-2025-4152 · Mediatek · Mt7622+3
Published 2025-02-03 · Updated 2025-02-08
CVE-2025-20633
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
MediaTek MT7603/MT7615/MT7622/MT7915 versions up to 7.4.0.1
Description
In the WLAN AP driver, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Recommendations
For MediaTek MT7603/MT7615/MT7622/MT7915 versions up to 7.4.0.1, update to a version that includes the patch for this issue (issue ID MSV-2491, patch ID WCNCR00400889).
As a temporary workaround, consider restricting access to the WLAN AP driver to minimize the risk of exploitation.
Fix
RCE
Memory Corruption
Affected Products
Mt7603E
Mt7615
Mt7622
Mt7915