CVE-2021-37561
Description
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MediaTek Wi-Fi chips mishandle WPS protocol, allowing an out-of-bounds write (CVE-2021-37561) that could lead to denial-of-service or potential code execution.
Vulnerability
CVE-2021-37561 is an out-of-bounds write vulnerability in the WPS (Wi-Fi Protected Setup) protocol handling of MediaTek microchipsets used in NETGEAR devices and other products [1]. Affected chipsets include MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, and MT7915 [1]. The affected software version is 7.4.0.0 [1]. The mishandling occurs during WPS message processing, potentially triggered when a device receives specially crafted WPS frames [1][2].
Exploitation
An attacker with network proximity could send malicious WPS frames to an affected device [1][2]. No authentication is required, and the attacker does not need prior access to the Wi-Fi network. The exploitation can be performed remotely over the air if the device has WPS enabled. The vulnerability does not require user interaction, making it exploitable in an automated fashion.
Impact
Successful exploitation leads to an out-of-bounds write, which could cause a denial-of-service condition by corrupting memory [1]. In some scenarios, this may allow an attacker to achieve code execution with elevated privileges on the device, fully compromising the affected system [1]. The impact is rated as High severity by MediaTek [1].
Mitigation
MediaTek has released patches for the affected chipsets [1]. For NETGEAR devices, firmware updates are available for several models: EAX11v2 (1.0.3.34), EAX12 (1.0.3.34), EX3700 (1.0.0.96), EX3800 (1.0.0.96), EX6120 (1.0.0.68), EX6130 (1.0.0.48), EX6250v2 (1.0.3.32), EX6410v2 (1.0.3.32), EX6470 (1.0.3.32), WAC104 (1.0.4.20), WAC124 (1.0.4.8), WAX202 (1.0.5.1), and WAX206 (1.0.4.0) [2]. No workarounds are available; users must apply the firmware fix [2]. This CVE is not listed on CISA's Known Exploited Vulnerabilities catalog as of this writing.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
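The fixed firmware versions listed under Mitigation can be checked against a device inventory. The following is an added example, not code from this page, NETGEAR or MediaTek; the `host,model,version` inventory format, the host names, and the handling of a `V` prefix and `_` build suffix on version strings are assumptions.

```python
import re

# Fixed firmware per NETGEAR model, copied from the Mitigation paragraph above.
FIXED = {
    "EAX11v2": "1.0.3.34", "EAX12": "1.0.3.34", "EX3700": "1.0.0.96",
    "EX3800": "1.0.0.96", "EX6120": "1.0.0.68", "EX6130": "1.0.0.48",
    "EX6250v2": "1.0.3.32", "EX6410v2": "1.0.3.32", "EX6470": "1.0.3.32",
    "WAC104": "1.0.4.20", "WAC124": "1.0.4.8", "WAX202": "1.0.5.1",
    "WAX206": "1.0.4.0",
}
_FIXED_BY_KEY = {model.upper(): ver for model, ver in FIXED.items()}

def parse_version(text):
    """Leading dotted-numeric part as a tuple of ints.
    Assumption: an optional 'V' prefix and '_build' suffix are ignored."""
    m = re.match(r"\s*[Vv]?(\d+(?:\.\d+)*)", text)
    if m is None:
        raise ValueError(f"no dotted version in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def is_at_least(have, need):
    """Numeric comparison, zero-padded so (1, 0, 4) equals (1, 0, 4, 0)."""
    width = max(len(have), len(need))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(have) >= pad(need)

def audit(inventory_csv):
    """Return [(host, status)] for 'host,model,version' lines (assumed format)."""
    results = []
    for line in inventory_csv.strip().splitlines():
        host, model, version = (field.strip() for field in line.split(","))
        fixed = _FIXED_BY_KEY.get(model.upper())
        if fixed is None:
            status = "NOT_LISTED"  # absent from the list above; not proof it is unaffected
        else:
            try:
                ok = is_at_least(parse_version(version), parse_version(fixed))
                status = "FIXED" if ok else "NEEDS_UPDATE"
            except ValueError:
                status = "UNPARSEABLE"  # check the device by hand
        results.append((host, status))
    return results

# Constructed sample inventory; hosts and installed versions are made up.
SAMPLE_INVENTORY = """
ap-lobby,WAC104,1.0.4.8
ext-floor2,EX6120,V1.0.0.68_1.0.1
ext-lab,ex3700,1.0.0.94
rtr-core,R7000,1.0.11.100
ap-old,WAX206,unknown
"""
```

Comparing the fields numerically matters here: as plain strings, `1.0.4.8` sorts after `1.0.4.20`, which would wrongly report the WAC104 above as fixed.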
Affected products
2 - MediaTek/microchips description
References
2