CVE-2021-37563

Name of the Vulnerable Software and Affected Versions MediaTek microchips versions 7.4.0.0

Description The issue is related to the mishandling of the WPS (Wi-Fi Protected Setup) protocol in MediaTek microchips, which can lead to an out-of-bounds write in memory. This can potentially allow a remote attacker to elevate their privileges. The affected chipsets include MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, and MT7915.

Recommendations For version 7.4.0.0, consider disabling the WPS protocol until a patch is available to prevent potential exploitation. Restrict access to the vulnerable Wi-Fi protocol implementation to minimize the risk of privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.