CVE-2021-32468
Description
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds read).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds read in WPS handling on MediaTek chipsets in NETGEAR devices leads to information disclosure.
Vulnerability
An out-of-bounds read vulnerability exists in the WPS protocol handling of MediaTek chipsets (MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915) as used in NETGEAR devices and other products. The issue affects software version 7.4.0.0. The vulnerability occurs when processing WPS messages, allowing an attacker to read memory beyond the intended buffer.
Exploitation
An attacker with network access to the affected device can send specially crafted WPS messages to trigger the out-of-bounds read. No authentication or user interaction is required. The attack can be performed remotely over Wi-Fi.
Impact
Successful exploitation allows an attacker to read out-of-bounds memory, potentially leading to the disclosure of sensitive information such as cryptographic keys or other data. The vulnerability is classified as medium severity according to MediaTek's severity ratings [1].
Mitigation
NETGEAR has released firmware updates for many affected products, including EAX11v2 (version 1.0.3.34), EX3700 (version 1.0.0.96), and WAX202 (version 1.0.5.1) among others [2]. Users should update to the latest firmware. No workarounds are available. For devices without a fix, consider disabling WPS if possible.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- MediaTek/microchips
Patches
No patches discovered yet.