CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20664
https://notcve.org/view.php?id=CVE-2025-20664
07 Apr 2025 — In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406217; Issue ID: MSV-2773. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-248: Uncaught Exception •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-20663
https://notcve.org/view.php?id=CVE-2025-20663
07 Apr 2025 — In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00408868; Issue ID: MSV-3031. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-248: Uncaught Exception •
CVSS: 7.5EPSS: 0%CPEs: 85EXPL: 0CVE-2025-20659
https://notcve.org/view.php?id=CVE-2025-20659
07 Apr 2025 — In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768. • https://corp.mediatek.com/product-security-bulletin/April-2025 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20649
https://notcve.org/view.php?id=CVE-2025-20649
03 Mar 2025 — In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue ID: MSV-2184. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20646
https://notcve.org/view.php?id=CVE-2025-20646
03 Mar 2025 — In wlan AP FW, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389074; Issue ID: MSV-1803. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-20644
https://notcve.org/view.php?id=CVE-2025-20644
03 Mar 2025 — In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-20147
https://notcve.org/view.php?id=CVE-2024-20147
03 Feb 2025 — In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 (Note: For MT79XX chipsets) / ALPS09136501 (Note: For MT2737, MT3603, MT6XXX, and MT8XXX chipsets); Issue ID: MSV-1797. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20637
https://notcve.org/view.php?id=CVE-2025-20637
03 Feb 2025 — In network HW, there is a possible system hang due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00399035; Issue ID: MSV-2380. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-248: Uncaught Exception •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-20634
https://notcve.org/view.php?id=CVE-2025-20634
03 Feb 2025 — In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20631
https://notcve.org/view.php?id=CVE-2025-20631
03 Feb 2025 — In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187. • https://corp.mediatek.com/product-security-bulletin/February-2025 • CWE-787: Out-of-bounds Write •