Description
In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00467553; Issue ID: MSV-5151.
Published: 2026-03-02
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a CWE‑787 out‑of‑bounds write in the MediaTek WLAN access point firmware caused by an insufficient bounds check. The flaw can be triggered without user interaction, allowing a malicious actor to alter memory structures and elevate privileges within the device. The impact is a local or proximal privilege escalation that grants the attacker higher level access without additional code execution capabilities.

Affected Systems

The flaw affects MediaTek chipsets used in wireless access points, including the MT6890, MT7915, MT7916, MT7981, and MT7986 families. Devices running OpenWrt firmware versions 19.07.0, 21.02.0, or 23.05.0 on these chipsets are also impacted. Any network equipment that incorporates these MediaTek chipsets and runs the referenced firmware is vulnerable.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity. The EPSS score of less than 1% suggests a low current exploitation probability, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation does not require user interaction and is likely to occur through crafted wireless traffic source proximity. Attackers could send specially constructed packets to the access point, causing the firmware to perform an out‑of‑bounds write and gain elevated privileges.

Generated by OpenCVE AI on April 16, 2026 at 14:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official firmware update containing Patch ID WCNCR00467553 to all affected MediaTek devices
  • Upgrade to the latest available AP firmware version for each specific chipset (MT6890, MT7915, MT7916, MT7981, MT7986)
  • If an immediate firmware upgrade cannot be performed, limit wireless traffic or disable the vulnerable interfaces until the patch can be applied

Generated by OpenCVE AI on April 16, 2026 at 14:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Write in MediaTek Wireless Firmware Enables Privilege Escalation

Mon, 02 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Mediatek
Mediatek mt6890
Mediatek mt7915
Mediatek mt7916
Mediatek mt7981
Mediatek mt7986
Mediatek software Development Kit
Openwrt
Openwrt openwrt
CPEs cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05.0:-:*:*:*:*:*:*
Vendors & Products Mediatek
Mediatek mt6890
Mediatek mt7915
Mediatek mt7916
Mediatek mt7981
Mediatek mt7986
Mediatek software Development Kit
Openwrt
Openwrt openwrt

Mon, 02 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
Description In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00467553; Issue ID: MSV-5151.
Weaknesses CWE-787
References

Subscriptions

Mediatek Mt6890 Mt7915 Mt7916 Mt7981 Mt7986 Software Development Kit
Openwrt Openwrt
cve-icon MITRE

Status: PUBLISHED

Assigner: MediaTek

Published:

Updated: 2026-03-30T13:05:32.389Z

Reserved: 2025-11-03T01:30:59.011Z

Link: CVE-2026-20430

cve-icon Vulnrichment

Updated: 2026-03-02T13:38:43.828Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-02T09:16:16.323

Modified: 2026-03-02T22:05:08.293

Link: CVE-2026-20430

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T14:45:25Z

Weaknesses