CVE-2021-37584

Name of the Vulnerable Software and Affected Versions MediaTek microchips versions 7.4.0.0

Description The issue is related to the mishandling of the WPS (Wi-Fi Protected Setup) protocol, which can lead to an out-of-bounds write. This can potentially allow a remote attacker to elevate their privileges. The affected chipsets include MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, and MT7915.

Recommendations For version 7.4.0.0, as a temporary workaround, consider disabling the WPS protocol until a patch is available. Restrict access to the vulnerable Wi-Fi driver to minimize the risk of exploitation. Avoid using the WPS protocol in the affected devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.