CVE-2021-37560

Name of the Vulnerable Software and Affected Versions MediaTek microchips versions MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 Affected Software Versions 7.4.0.0

Description The issue is related to a buffer out-of-bounds write in the memory of MediaTek microchips, which can be exploited by a remote attacker to elevate their privileges. The vulnerability is caused by the mishandling of the WPS (Wi-Fi Protected Setup) protocol.

Recommendations For versions MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, consider disabling the WPS protocol until a patch is available. As a temporary workaround, restrict access to the WPS protocol to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.