PT-2021-5738 · Mediatek · Mediatek Microchips

Published 2021-12-25 · Updated 2022-01-10 · CVE-2021-37561

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MediaTek microchips versions 7.4.0.0
MediaTek microchips (affected versions not specified), specifically chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915

Description

The issue is related to the mishandling of the WPS (Wi-Fi Protected Setup) protocol and an out-of-bounds write in the Wi-Fi driver software of MediaTek microchips. This can allow a remote attacker to elevate their privileges. The vulnerability is associated with a buffer overflow in memory.

Recommendations

For version 7.4.0.0, update to a newer version that addresses the mishandling of the WPS protocol and the out-of-bounds write issue. For other affected versions of MediaTek microchips, specifically chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, restrict access to the WPS protocol until a patch is available. As a temporary workaround, consider disabling the WPS protocol in affected devices until the issue is resolved.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2022-00181
CVE-2021-37561

Affected Products

Mediatek Microchips