Search Results (153 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-30872 1 Openwrt 1 Openwrt 2026-03-25 9.8 Critical
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the match_ipv6_addresses function, triggered when processing PTR queries for IPv6 reverse DNS domains (.ip6.arpa) received via multicast DNS on UDP port 5353. During processing, the domain name from name_buffer is copied via strcpy into a fixed 256-byte stack buffer, and then the reverse IPv6 request is extracted into a buffer of only 46 bytes (INET6_ADDRSTRLEN). Because the length of the data is never validated before this extraction, an attacker can supply input larger than 46 bytes, causing an out-of-bounds write. This allows a specially crafted DNS query to overflow the stack buffer in match_ipv6_addresses, potentially enabling remote code execution. This issue has been fixed in versions 24.10.6 and 25.12.1.
CVE-2026-30873 1 Openwrt 1 Openwrt 2026-03-25 4.9 Medium
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expressions into tokens, contains a memory leak vulnerability when extracting string literals, field labels, and regular expressions using dynamic memory allocation. These extracted results are stored in a jp_opcode struct, which is later copied to a newly allocated jp_opcode object via jp_alloc_op. During this transfer, if a string was previously extracted and stored in the initial jp_opcode, it is copied to the new allocation but the original memory is never freed, resulting in a memory leak. This issue has been fixed in versions 24.10.6 and 25.12.1.
CVE-2026-30874 1 Openwrt 1 Openwrt 2026-03-25 7.8 High
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplug_call function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The function is intended to filter out sensitive environment variables like PATH when executing hotplug scripts in /etc/hotplug.d, but a bug using strcmp instead of strncmp causes the filter to compare the full environment string (e.g., PATH=/some/value) against the literal "PATH", so the match always fails. As a result, the PATH variable is never excluded, enabling an attacker to control which binaries are executed by procd-invoked scripts running with elevated privileges. This issue has been fixed in version 24.10.6.
CVE-2025-20734 3 Mediatek, Mediatk, Openwrt 18 Mt6890, Mt7615, Mt7622 and 15 more 2026-02-26 4.2 Medium
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00441507; Issue ID: MSV-4112.
CVE-2025-20732 3 Mediatek, Mediatk, Openwrt 18 Mt6890, Mt7615, Mt7622 and 15 more 2026-02-26 5.3 Medium
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege (when OceReducedNeighborReport is disabled). User interaction is not needed for exploitation. Patch ID: WCNCR00441510; Issue ID: MSV-4139.
CVE-2025-20731 2 Mediatek, Openwrt 10 Mt6890, Mt7615, Mt7622 and 7 more 2026-02-26 5.3 Medium
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege (when OceReducedNeighborReport is disabled). User interaction is not needed for exploitation. Patch ID: WCNCR00441511; Issue ID: MSV-4140.
CVE-2025-20650 5 Google, Linuxfoundation, Mediatek and 2 more 25 Android, Yocto, Mt2737 and 22 more 2026-02-26 6.8 Medium
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061.
CVE-2024-20146 4 Google, Linuxfoundation, Mediatek and 1 more 30 Android, Yocto, Mt2737 and 27 more 2026-02-26 8.1 High
In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835.
CVE-2025-20654 2 Mediatek, Openwrt 8 Mt6890, Mt7622, Mt7915 and 5 more 2026-02-26 9.8 Critical
In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406897; Issue ID: MSV-2875.
CVE-2025-20674 2 Mediatek, Openwrt 11 Mt6890, Mt6990, Mt7915 and 8 more 2026-02-26 9.8 Critical
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.
CVE-2025-20705 4 Google, Linuxfoundation, Mediatek and 1 more 43 Android, Yocto, Monitor Hang and 40 more 2026-02-26 7.8 High
In monitor_hang, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09989078; Issue ID: MSV-3964.
CVE-2025-20712 2 Mediatek, Openwrt 12 Mt6799, Mt6990, Mt6990 Firmware and 9 more 2026-02-26 8.8 High
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422323; Issue ID: MSV-3810.
CVE-2025-20711 2 Mediatek, Openwrt 6 Mt6890, Mt7916, Mt7981 and 3 more 2026-02-26 8.8 High
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422399; Issue ID: MSV-3748.
CVE-2025-20710 2 Mediatek, Openwrt 7 Mt6890, Mt7915, Mt7916 and 4 more 2026-02-26 8.8 High
In wlan AP driver, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418785; Issue ID: MSV-3515.
CVE-2025-20709 2 Mediatek, Openwrt 12 Mt6890, Mt6890 Firmware, Mt7915 and 9 more 2026-02-26 8.8 High
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415809; Issue ID: MSV-3405.
CVE-2025-20718 2 Mediatek, Openwrt 10 Mt6890, Mt7615, Mt7622 and 7 more 2026-02-26 7.8 High
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00419945; Issue ID: MSV-3581.
CVE-2025-20719 2 Mediatek, Openwrt 10 Mt6890, Mt7603, Mt7615 and 7 more 2026-02-26 8.8 High
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418955; Issue ID: MSV-3570.
CVE-2025-20720 2 Mediatek, Openwrt 10 Mt6890, Mt7603, Mt7615 and 7 more 2026-02-26 8.8 High
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418954; Issue ID: MSV-3569.
CVE-2025-20713 2 Mediatek, Openwrt 10 Mt6890, Mt7615, Mt7622 and 7 more 2026-02-26 7.8 High
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00432661; Issue ID: MSV-3904.
CVE-2025-20714 2 Mediatek, Openwrt 18 Mt6890, Mt6890 Firmware, Mt7615 and 15 more 2026-02-26 7.8 High
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00432659; Issue ID: MSV-3902.