CVE-2025-20674

Critical CVSS: 9.8

In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.

Vendor

Openwrt

Product

Openwrt

CWE

CWE-863

Yayın Tarihi

2025-06-02 03:15:24

Güncelleme

2025-07-18 17:16:22

Source Identifier

security@mediatek.com

KEV Date Added

Kategoriler

CWE-863 Openwrt CRITICAL Openwrt 2025

Referanslar

https://corp.mediatek.com/product-security-bulletin/June-2025

Benzer Kayıtlar

Low

CVE-2026-30874

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in…

Critical

CVE-2026-30871

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the md…

Critical

CVE-2026-30872

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the md…

Low

CVE-2026-30873

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, t…

High

CVE-2025-62525

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, local users could read…

High

CVE-2025-62526

OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap…