PT-2021-5731 · NetGear+1 · Netgear Devices+8
Published
2021-12-25
·
Updated
2023-08-08
·
CVE-2021-37571
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
MediaTek microchips versions 2.0.2
MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 (affected versions not specified)
Description
The issue is related to a buffer overflow in the memory of MediaTek Wi-Fi driver microcode, which can allow a remote attacker to elevate their privileges. The problem is caused by the mishandling of IEEE 1905 protocols in MediaTek microchips, as used in NETGEAR devices and other devices.
Recommendations
For version 2.0.2, update to a newer version to mitigate the risk.
For MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mt7603E
Mt7613
Mt7615
Mt7622
Mt7628
Mt7629
Mt7915
Mediatek Microchips
Netgear Devices