CVE-2021-37562

Vulnerability

CVE-2021-37562 is an out-of-bounds read vulnerability in the WPS (Wi-Fi Protected Setup) protocol implementation of MediaTek chipsets, including MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, and MT7915, with affected software version 7.4.0.0 [1]. The flaw resides in how the chipset processes WPS messages, allowing an attacker to trigger an out-of-bounds memory read.

Exploitation

An attacker within Wi-Fi range can send specially crafted WPS messages to a vulnerable device. No authentication is required, as WPS is typically accessible before network association. The attacker does not need any prior credentials or user interaction. The out-of-bounds read occurs when the device parses the malicious WPS frame.

Impact

Successful exploitation results in an out-of-bounds read, which may lead to the disclosure of sensitive memory contents. This could expose information such as Wi-Fi credentials or other data processed by the chipset. The vulnerability is classified as Medium severity by MediaTek [1].

Mitigation

MediaTek has released patches for the affected chipsets, and device OEMs have been notified [1]. NETGEAR has published firmware updates for several affected products, including extenders (e.g., EAX11v2, EX3700) and access points (e.g., WAC104, WAX202) [2]. Users should update to the latest firmware as provided by their device manufacturer. No workarounds are available [2].