Lucene search
+L

CVE-2025-20720

🗓️ 14 Oct 2025 09:11:41Reported by MediaTekType 
cve
 cve
🔗 web.nvd.nist.gov👁 21 Views🌐 WEB

CVE-2025-20720: WLAN AP driver out-of-bounds write enabling remote privilege escalation.

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
circl
CVE-2025-20720
14 Oct 202513:27
circl
cnnvd
MediaTek Chipsets 安全漏洞
14 Oct 202500:00
cnnvd
cvelist
CVE-2025-20720
14 Oct 202509:11
cvelist
githubexploit
Exploit for Out-of-bounds Write in Mediatek Software_Development_Kit
10 Jul 202608:02
githubexploit
euvd
EUVD-2025-34172
14 Oct 202512:31
euvd
nvd
CVE-2025-20720
14 Oct 202510:15
nvd
osv
CVE-2025-20720
14 Oct 202510:15
osv
ptsecurity
PT-2025-41876
14 Oct 202500:00
ptsecurity
redhatcve
CVE-2025-20720
15 Oct 202509:54
redhatcve
vulnrichment
CVE-2025-20720
14 Oct 202509:11
vulnrichment
Rows per page
NVD
Vulners
[
  {
    "vendor": "MediaTek, Inc.",
    "product": "MT6890, MT7603, MT7615, MT7622, MT7915, MT7916, MT7981, MT7986",
    "versions": [
      {
        "version": "SDK release 7.6.7.2 and before / OpenWrt 19.07, 21.02 (MT6890)",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
cartItem.skurequest bodyrest/default/V1/guest-cartsUnauthenticated creation of a guest cart vulnerable to file upload in cart item processing.CWE-787CWE-122
cartItem.qtyrequest bodyrest/default/V1/guest-cartsUnauthenticated creation of a guest cart vulnerable to file upload in cart item processing.CWE-787CWE-122
cartItem.quote_idrequest bodyrest/default/V1/guest-cartsUnauthenticated creation of a guest cart vulnerable to file upload in cart item processing.CWE-787CWE-122
cartItem.product_option.extension_attributes.file_info.base64_encoded_datarequest bodyrest/default/V1/guest-cartsUnauthenticated creation of a guest cart vulnerable to file upload in cart item processing.CWE-787CWE-122
cartItem.product_option.extension_attributes.file_info.namerequest bodyrest/default/V1/guest-cartsUnauthenticated creation of a guest cart vulnerable to file upload in cart item processing.CWE-787CWE-122
cartItem.product_option.extension_attributes.file_info.typerequest bodyrest/default/V1/guest-cartsUnauthenticated creation of a guest cart vulnerable to file upload in cart item processing.CWE-787CWE-122
cartItem.skurequest bodyrest/default/V1/guest-carts/{id}/itemsUpload of base64-encoded file via guest cart item to a cart, enabling arbitrary file upload and potential RCE.CWE-787CWE-122
cartItem.qtyrequest bodyrest/default/V1/guest-carts/{id}/itemsUpload of base64-encoded file via guest cart item to a cart, enabling arbitrary file upload and potential RCE.CWE-787CWE-122
cartItem.quote_idrequest bodyrest/default/V1/guest-carts/{id}/itemsUpload of base64-encoded file via guest cart item to a cart, enabling arbitrary file upload and potential RCE.CWE-787CWE-122
cartItem.product_option.extension_attributes.file_info.base64_encoded_datarequest bodyrest/default/V1/guest-carts/{id}/itemsUpload of base64-encoded file via guest cart item to a cart, enabling arbitrary file upload and potential RCE.CWE-787CWE-122
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 08:41Current
7High risk
Vulners AI Score7
CVSS 3.18.8
EPSS0.00243
SSVC
21