CVE-2021-37564
Description
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds read in MediaTek chipsets mishandling IEEE 1905 protocols affects NETGEAR devices; fixed in firmware updates.
Vulnerability
CVE-2021-37564 is an out-of-bounds read vulnerability in MediaTek chipsets due to improper handling of IEEE 1905 protocols. Affected chipsets include MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, and MT7915, with software version 2.0.2. Devices using these chipsets, such as NETGEAR routers and extenders, are vulnerable [1][2].
Exploitation
An attacker with local network access can send specially crafted IEEE 1905 packets to trigger the out-of-bounds read. No authentication or user interaction is required for exploitation [1].
Impact
Successful exploitation allows an attacker to read out-of-bounds memory, potentially leading to information disclosure of sensitive data. The vulnerability is rated as Medium severity by MediaTek [1].
Mitigation
MediaTek has provided patches to device OEMs. NETGEAR has released firmware updates for affected products, including extenders (e.g., EAX11v2, EX3700) and access points (e.g., WAC104, WAX202). Users should update to the latest firmware versions listed in the NETGEAR advisory [2]. No workarounds are available.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- MediaTek/microchipsdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.