CVE-2021-37562

Name of the Vulnerable Software and Affected Versions MediaTek microchips versions MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915 Affected Software Versions 7.4.0.0

Description The issue is related to an out-of-bounds read in the memory of MediaTek microchips, which can be exploited by a remote attacker to cause a denial of service. The vulnerability is due to the mishandling of the WPS (Wi-Fi Protected Setup) protocol.

Recommendations For versions MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, consider disabling the WPS protocol until a patch is available. As a temporary workaround, restrict access to the WPS protocol to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.