MediaTek Chipsets Out-of-Bounds Write Vulnerability in WLAN Service Allowing Remote Code Execution

Vulnerability

A critical out-of-bounds write vulnerability has been identified in the WLAN service of certain MediaTek chipsets. This issue arises from an incorrect bounds check, which could lead to remote code execution without requiring additional execution privileges. Exploitation of this vulnerability does not need user interaction. The affected chipsets include MT6890, MT7622, MT7915, MT7916, MT7981, and MT7986. The vulnerability is present in SDK version 7.4.0.1 and prior (for MT7622 and MT7915), SDK version 7.6.7.0 and prior (for MT7916, MT7981, and MT7986), and OpenWrt versions 19.07 and 21.02 (for MT6890).

Impact

Exploitation of this vulnerability could lead to remote code execution on the affected device.

Remediation

MediaTek has issued a patch for this vulnerability, which can be applied by device manufacturers. Instructions for applying the patch are available through the MediaTek contact person for OEMs.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 7.5
exploitability: 7.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.