Vulnerability Database

314,453

Total vulnerabilities in the database

CVE-2025-20674

In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.

Published: Jun 2, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-20674
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
openwrt / openwrt	19.07.0	19.07.0.x
openwrt / openwrt	21.02.0	21.02.0.x
openwrt / openwrt	23.05	23.05.x
mediatek / software_development_kit	-	7.6.7.2.x

https://corp.mediatek.com/product-security-bulletin/June-2025

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo