PT-2021-5742 · Mediatek · Mediatek Microchips

Published

2021-11-23

Updated

2022-01-10

CVE-2021-35055

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MediaTek microchips versions MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 Affected Software Versions 7.4.0.0

Description The issue is related to a buffer out-of-bounds write in the memory of MediaTek microchips, which can be exploited by a remote attacker to elevate their privileges. The vulnerability is caused by the mishandling of the WPS (Wi-Fi Protected Setup) protocol.

Recommendations For versions MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, consider disabling the WPS protocol until a patch is available. For version 7.4.0.0, update to a newer version that addresses the out-of-bounds write issue. As a temporary workaround, restrict access to the WPS protocol to minimize the risk of exploitation.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2022-00185

CVE-2021-35055

Affected Products

Mediatek Microchips

PT-2021-5742 · Mediatek · Mediatek Microchips

CVE-2021-35055

Weakness Enumeration

Related Identifiers

Affected Products

References · 10