CVE-2021-37569
Description
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds write in MediaTek chipsets when handling IEEE 1905 protocols, affecting NETGEAR and other devices.
Vulnerability
CVE-2021-37569 is an out-of-bounds write vulnerability in the IEEE 1905 protocol handling of MediaTek Wi-Fi chipsets. The affected chipsets include MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, and MT7915, running software version 2.0.2. Devices using these chipsets, such as multiple NETGEAR routers and extenders, are impacted. The flaw occurs when the chipset processes specially crafted IEEE 1905 packets, leading to a write beyond the allocated buffer boundaries.
Exploitation
An attacker can exploit this vulnerability by sending a malicious IEEE 1905 packet to a target device over the network. No authentication or user interaction is required. The attacker only needs network access to the affected device, making the attack remotely exploitable. The crafted packet triggers the out-of-bounds write during protocol parsing.
Impact
Successful exploitation results in memory corruption, which can lead to denial of service or potentially remote code execution. An attacker may be able to execute arbitrary code with the privileges of the affected process, often running with elevated system permissions. This could allow full compromise of the device, including data exfiltration or use as a pivot point in the network.
Mitigation
MediaTek addressed this vulnerability in its January 2022 Product Security Bulletin [1]. NETGEAR released firmware updates for affected products, including extenders (e.g., EAX11v2, EX3700) and access points (e.g., WAC104, WAX202), as listed in their advisory [2]. Users should update to the latest firmware versions specified in the advisory. No workarounds are available; devices not receiving updates remain vulnerable.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- MediaTek/microchips
- Range: =2.0.2
Patches
No patches discovered yet.
References