CVE-2021-37583
Description
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds write vulnerability in MediaTek chipsets due to improper handling of IEEE 1905 protocols could allow remote code execution.
Vulnerability
The vulnerability is an out-of-bounds write in the IEEE 1905 protocol handling of MediaTek Wi-Fi chipsets. Affected chipsets include MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, and MT7915 running software version 2.0.2. Devices using these chipsets, such as certain NETGEAR routers and extenders, are impacted [1][2].
Exploitation
An attacker on the same local network can send a specially crafted IEEE 1905 packet to the affected device. No authentication or user interaction is required. The out-of-bounds write occurs during packet processing [1][2].
Impact
Successful exploitation could allow an attacker to execute arbitrary code on the device or cause a denial of service, potentially compromising the device's functionality and network security [1].
Mitigation
MediaTek has provided patches to device OEMs. NETGEAR has released firmware updates for many affected products, including EAX11v2 (fixed in 1.0.3.34), EX3700 (fixed in 1.0.0.96), and WAX202 (fixed in 1.0.5.1). Users should update to the latest firmware. No workarounds are available [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- MediaTek/microchipsdescription
- Range: through 2021-11-11
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.