Unrated severity · NVD Advisory · Published Dec 25, 2021 · Updated Aug 4, 2024

CVE-2021-37567

Description

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Out-of-bounds read in MediaTek chipsets mishandling IEEE 1905 protocols allows remote information disclosure.

Vulnerability

CVE-2021-37567 is an out-of-bounds read vulnerability in the IEEE 1905 protocol handling of certain MediaTek Wi-Fi chipsets. The affected chipsets include MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, and MT7915, running software version 2.0.2 [1]. These chipsets are used in NETGEAR devices and other products [2]. The vulnerability arises when the device processes malformed IEEE 1905 packets, leading to an out-of-bounds memory read.
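The advisory does not say which IEEE 1905 field is mishandled, so this added example (not MediaTek or NETGEAR code) illustrates the bug class in general: a bounds-checked walk of the TLVs in an IEEE 1905.1 CMDU, where every declared length is validated against the bytes actually received. The function name and both sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define CMDU_HDR_LEN 8    /* version, reserved, type(2), id(2), fragment, flags */
#define TLV_HDR_LEN  3    /* type(1) + length(2, big-endian) */
#define TLV_END      0x00 /* end-of-message TLV, length must be 0 */

/* Walk the TLVs of one CMDU. Returns the number of well-formed TLVs seen
 * before the end-of-message TLV, or -1 if a header or value would extend
 * past the received frame (where an unchecked parser reads out of bounds). */
int cmdu_count_tlvs(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < CMDU_HDR_LEN)
        return -1;
    size_t off = CMDU_HDR_LEN;      /* invariant: off <= len */
    int count = 0;
    for (;;) {
        if (len - off < TLV_HDR_LEN)        /* no room for a TLV header */
            return -1;
        uint8_t type = buf[off];
        size_t vlen = ((size_t)buf[off + 1] << 8) | buf[off + 2];
        off += TLV_HDR_LEN;
        if (type == TLV_END)
            return vlen == 0 ? count : -1;
        if (vlen > len - off)               /* declared length exceeds frame */
            return -1;
        off += vlen;
        count++;
    }
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t frame_ok[] = {
    0x00, 0x00, 0x00, 0x00, 0x12, 0x34, 0x00, 0x80,       /* CMDU header */
    0x01, 0x00, 0x06, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01, /* type 1, 6 bytes */
    0x00, 0x00, 0x00                                      /* end-of-message */
};
static const uint8_t frame_bad[] = {
    0x00, 0x00, 0x00, 0x00, 0x12, 0x35, 0x00, 0x80,       /* CMDU header */
    0x01, 0x01, 0x00, 0x02, 0x00          /* claims 256 bytes, carries 2 */
};

int main(void)
{
    return (cmdu_count_tlvs(frame_ok, sizeof frame_ok) == 1 &&
            cmdu_count_tlvs(frame_bad, sizeof frame_bad) == -1) ? 0 : 1;
}
```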

Exploitation

An attacker with network access to the affected device can send specially crafted IEEE 1905 packets to trigger the out-of-bounds read. No authentication or user interaction is required for exploitation [1][2]. The attack is performed remotely over the local network.

Impact

Successful exploitation results in an out-of-bounds read, which may lead to information disclosure of sensitive memory contents. The vulnerability is rated as Medium severity by MediaTek [1]. There is no indication of code execution or privilege escalation.

Mitigation

NETGEAR has released firmware updates for many affected products, including extenders (e.g., EAX11v2 fixed in 1.0.3.34, EX3700 fixed in 1.0.0.96) and access points (e.g., WAC104 fixed in 1.0.4.20, WAX202 fixed in 1.0.5.1) [2]. MediaTek has notified OEMs and provided patches [1]. No workarounds are available [2]. Users should apply the latest firmware from their device vendor.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

References

2