VYPR
Unrated severity · NVD Advisory · Published Dec 25, 2021 · Updated Aug 4, 2024

CVE-2021-37570

Description

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds read).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds read in MediaTek chipsets mishandling IEEE 1905 protocol allows potential information disclosure; affects NETGEAR and other devices.

Vulnerability

An out-of-bounds read vulnerability exists in MediaTek chipsets when handling IEEE 1905 protocol packets. Affected chipsets include MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, and MT7915, with software version 2.0.2 [1]. The issue occurs due to improper validation of received IEEE 1905 frames [1].

Exploitation

An unauthenticated attacker on the local network can send specially crafted IEEE 1905 packets to a vulnerable device, triggering an out-of-bounds memory read [1]. No user interaction or elevated privileges are required.

Impact

Successful exploitation allows an attacker to read out-of-bounds memory, potentially disclosing sensitive information such as Wi-Fi credentials or other data processed by the chipset [1]. The impact is limited to information disclosure; no code execution has been reported.

Mitigation

MediaTek has released patches to OEMs [1]. NETGEAR has released firmware updates for several affected products, including extenders and access points, as listed in their advisory [2]. Fixed firmware versions include 1.0.3.34 for EAX11v2, 1.0.0.96 for EX3700, and 1.0.4.20 for WAC104, among others [2]. No workarounds are available [2]. Users should apply the latest firmware from their device vendor.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

2
