Unrated severity · NVD Advisory · Published Dec 25, 2021 · Updated Aug 3, 2024

CVE-2021-32467

Description

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds read in the MediaTek WPS implementation on NETGEAR devices could allow information disclosure via crafted WPS frames.

Vulnerability

CVE-2021-32467 is an out-of-bounds read vulnerability in the WPS (Wi-Fi Protected Setup) protocol handling of MediaTek microchips. The affected chipsets include MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, and MT7915, running software version 7.4.0.0. The flaw resides in the WPS message parsing logic and can be triggered without authentication when a device processes a specially crafted WPS frame [1]. NETGEAR products using these chipsets are among the affected devices [2].

Exploitation

An attacker within Wi-Fi range of a vulnerable device can send a malicious WPS frame to trigger the out-of-bounds read. No prior authentication or user interaction is required. The attacker only needs network proximity to the target device [1][2].

Impact

Successful exploitation results in an out-of-bounds read, potentially leaking sensitive memory contents. This could lead to information disclosure, such as Wi-Fi credentials or other data stored in the device's memory. The vulnerability is rated Medium severity (CVSS v3.1) [1].

Mitigation

MediaTek notified device OEMs and provided patches [1]. NETGEAR released firmware updates for affected products, including extenders (e.g., EAX11v2, EX3700) and access points (e.g., WAC104, WAX202). Users should update to the latest firmware listed in the NETGEAR advisory [2]. No workarounds are available [2].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

References

2