CVE-2021-37560
Description
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds write in WPS implementation on MediaTek chipsets in NETGEAR and other devices allows potential remote code execution.
Vulnerability
CVE-2021-37560 is an out-of-bounds write vulnerability in the WPS (Wi-Fi Protected Setup) protocol handling on MediaTek microchips. Affected chipsets include MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, and MT7915, running software version 7.4.0.0 [1]. These chipsets are used in various NETGEAR devices, such as extenders and access points, as well as products from other vendors [2].
Exploitation
An attacker within Wi-Fi range can exploit this vulnerability by sending specially crafted WPS messages to a vulnerable device. No authentication or user interaction is required for exploitation [1]. The flaw lies in the mishandling of the WPS protocol, leading to an out-of-bounds write condition.
Impact
Successful exploitation could allow an attacker to write data beyond the allocated buffer, potentially leading to remote code execution, information disclosure, or denial of service. The attacker may gain full control of the affected device [1][2].
Mitigation
NETGEAR has released firmware updates for many affected products, including EAX11v2 (1.0.3.34), EAX12 (1.0.3.34), EX3700 (1.0.0.96), EX3800 (1.0.0.96), EX6120 (1.0.0.68), EX6130 (1.0.0.48), EX6250v2 (1.0.3.32), EX6400v3 (1.0.3.32), EX6410v2 (1.0.3.32), EX6470 (1.0.3.32), WAC104 (1.0.4.20), WAC124 (1.0.4.8), WAX202 (1.0.5.1), and WAX206 (1.0.4.0) [2]. MediaTek notified OEMs in the January 2022 bulletin [1]. No workarounds are available for devices that have not yet been patched; users should apply the fixed firmware as soon as possible.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- MediaTek/microchips
  - Range: =7.4.0.0