CVE-2021-37565
Description
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds read vulnerability in MediaTek chipsets mishandling IEEE 1905 protocols allows potential information disclosure; affects NETGEAR devices and others.
Vulnerability
CVE-2021-37565 is an out-of-bounds read vulnerability in MediaTek chipsets (MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915) when processing IEEE 1905 protocol packets. The flaw exists in software version 2.0.2 and affects devices using these chipsets, including multiple NETGEAR products [1][2]. The vulnerability is triggered by mishandling of IEEE 1905 frames, leading to reading beyond allocated memory boundaries.
Exploitation
An attacker on the local network can send specially crafted IEEE 1905 packets to a vulnerable device. No authentication or user interaction is required. The out-of-bounds read occurs during packet parsing, potentially allowing the attacker to access sensitive data from adjacent memory regions.
Impact
Successful exploitation could lead to information disclosure, as the out-of-bounds read may expose memory contents. The CVSS v3.1 base score is medium (exact score not specified in references). The attacker gains no direct code execution but may obtain sensitive information from the device's memory.
Mitigation
MediaTek has released patches, and NETGEAR has provided firmware updates for affected products that are within the security support period. Fixed firmware versions include: EAX11v2 1.0.3.34, EAX12 1.0.3.34, EX3700 1.0.0.96, EX3800 1.0.0.96, EX6120 1.0.0.68, EX6130 1.0.0.48, EX6250v2 1.0.3.32, EX6400v3 1.0.3.32, EX6410v2 1.0.3.32, EX6470 1.0.3.32, WAC104 1.0.4.20, WAC124 1.0.4.8, WAX202 1.0.5.1, WAX206 1.0.4.0 [2]. No workarounds are available. Users should update to the latest firmware.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2
- MediaTek/microchips (description)
References
2