Information Disclosure in WLAN AP Driver by MediaTek
CVE-2025-20664
7.5HIGH
Key Information:
- Vendor
- MediaTek
- Vendor
- CVE Published:
- 7 April 2025
Summary
A vulnerability exists in the WLAN access point (AP) driver developed by MediaTek, which may result in unintended information disclosure. This issue is caused by an uncaught exception that can be exploited in scenarios where an attacker is proximal or adjacent to the vulnerable device. Remarkably, the exploitation of this vulnerability does not necessitate any user interaction, making it a significant concern for organizations relying on impacted products. A patch is available to address this issue, and users are encouraged to update to the latest version.
Affected Version(s)
MT7915, MT7916, MT7981, MT7986, MT7990, MT7992 SDK release 7.4.0.1 (MT7915) and 7.6.7.2 (MT7916, MT798X) and 8.2.1.4 (MT799X) and before
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved