CVE-2021-37571
Description
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds write in MediaTek chipsets mishandling IEEE 1905 protocols allows remote code execution on NETGEAR devices.
Vulnerability
CVE-2021-37571 is an out-of-bounds write vulnerability in the IEEE 1905 protocol handling of MediaTek Wi-Fi chipsets. The affected chipsets include MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, and MT7915, running software version 2.0.2. This vulnerability affects NETGEAR devices using these chipsets, as well as other OEM products. The issue arises from improper validation of input when processing IEEE 1905 packets, leading to a write beyond the allocated buffer [1][2].
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted IEEE 1905 packet to an affected device over the network. No authentication or user interaction is required. The attacker only needs network access to the target device, either from the local network or remotely if the device is exposed. The crafted packet triggers the out-of-bounds write during protocol parsing [1][2].
Impact
Successful exploitation can lead to remote code execution (RCE) or denial of service (DoS). An attacker could gain full control of the affected device, potentially compromising network integrity and confidentiality. The vulnerability is rated High severity; a CVSS v3.1 score is not explicitly provided, but the rating is implied by the MediaTek bulletin [1].
Mitigation
NETGEAR has released firmware updates for many affected products, including extenders (e.g., EAX11v2 fixed in 1.0.3.34, EX3700 fixed in 1.0.0.96) and access points (e.g., WAC104 fixed in 1.0.4.20, WAX202 fixed in 1.0.5.1). MediaTek notified OEMs and provided patches prior to the January 2022 bulletin [1][2]. No workarounds are available; users should apply the latest firmware from their device vendor. Devices beyond their security support period may not receive fixes [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
8 - MediaTek/microchips
Patches
No patches discovered yet.
References
2
News mentions
No linked articles in our index yet.