CVE-2021-32469
Description
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected chipsets: MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; affected software versions: 7.4.0.0; out-of-bounds read.)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read vulnerability in the MediaTek WPS implementation on NETGEAR and other devices allows potential information disclosure.
Vulnerability
CVE-2021-32469 is an out-of-bounds read vulnerability in the Wi-Fi Protected Setup (WPS) protocol handling of MediaTek microchips. The affected chipsets include MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, and MT7915, running software version 7.4.0.0. The bug occurs when the device processes WPS messages, leading to a read beyond the allocated buffer. This vulnerability affects NETGEAR devices and other products using these chipsets [1][2].
Exploitation
An attacker within Wi-Fi range can exploit this vulnerability by sending a specially crafted WPS frame to the target device. No authentication or user interaction is required; the attacker only needs to be able to initiate a WPS exchange. The out-of-bounds read is triggered during the parsing of the malicious WPS message [1][2].
Impact
Successful exploitation results in an out-of-bounds read, which may disclose sensitive memory contents from the device. This could expose Wi-Fi credentials or other data. The vulnerability is rated as Medium severity by MediaTek [1].
Mitigation
NETGEAR has released firmware updates for many affected products, including extenders (e.g., EAX11v2, EX3700, EX6120) and access points (e.g., WAC104, WAX202) [2]. MediaTek notified OEMs and provided patches in the January 2022 bulletin [1]. No workarounds are available; users should apply the latest firmware from their device vendor. Devices that are no longer supported may remain vulnerable [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
MediaTek/microchips