PT-2021-5728 · Mediatek · Mediatek Microchips

Published

2021-12-25

Updated

2022-01-06

CVE-2021-41788

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:P

Name of the Vulnerable Software and Affected Versions MediaTek microchips versions MT7603E, MT7612, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 MediaTek microchips version 7.4.0.0

Description The issue exists due to insufficient input validation in the wifi driver software of MediaTek microchips. This can allow a remote attacker to cause a denial of service by exploiting the mishandling of Wi-Fi authentication flooding attempts.

Recommendations For MediaTek microchips versions MT7603E, MT7612, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915, consider disabling Wi-Fi authentication flooding to minimize the risk of exploitation until a patch is available. For MediaTek microchips version 7.4.0.0, consider disabling Wi-Fi authentication flooding to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-00171

CVE-2021-41788

Affected Products

Mediatek Microchips

PT-2021-5728 · Mediatek · Mediatek Microchips

CVE-2021-41788

Weakness Enumeration

Related Identifiers

Affected Products

References · 7