PT-2021-5741 · Mediatek · Mt7628+7

Published

2021-12-25

Updated

2022-01-06

CVE-2021-37570

CVSS v3.1

8.2

High

Vector

AC:L/AV:N/A:L/C:H/I:N/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions MediaTek microchips versions 2.0.2 Affected Chipsets: MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915

Description The issue is related to the mishandling of IEEE 1905 protocols in MediaTek microchips, which can be exploited by a remote attacker to cause a denial of service. The vulnerability is also associated with a lack of authorization.

Recommendations For version 2.0.2, consider disabling the handling of IEEE 1905 protocols until a patch is available. Restrict access to the vulnerable chipsets to minimize the risk of exploitation. Avoid using the affected software versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2022-00184

CVE-2021-37570

Affected Products

Mt7603E

Mt7613

Mt7615

Mt7622

Mt7628

Mt7629

Mt7915

Mediatek Microchips

PT-2021-5741 · Mediatek · Mt7628+7

CVE-2021-37570

Weakness Enumeration

Related Identifiers

Affected Products

References · 7