PT-2021-5737 · Mediatek · Mt7628+9

Published

2021-12-25

Updated

2022-01-10

CVE-2021-32467

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:P

Name of the Vulnerable Software and Affected Versions MediaTek microchips versions MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 Affected Software Versions 7.4.0.0

Description The issue is related to the mishandling of the WPS (Wi-Fi Protected Setup) protocol, which can lead to an out-of-bounds read in memory. This can allow a remote attacker to cause a denial of service. The estimated number of potentially affected devices is not specified.

Recommendations For versions MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, consider disabling the WPS protocol until a patch is available. For version 7.4.0.0, update to a newer version that handles the WPS protocol correctly. As a temporary workaround, restrict access to the WPS protocol to minimize the risk of exploitation.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2022-00180

CVE-2021-32467

Affected Products

Mt7603E

Mt7610

Mt7612

Mt7613

Mt7615

Mt7620

Mt7622

Mt7628

Mt7629

Mt7915

PT-2021-5737 · Mediatek · Mt7628+9

CVE-2021-32467

Weakness Enumeration

Related Identifiers

Affected Products

References · 7