PT-2021-5746 · Mediatek · Mt7628+7

Published

2021-12-25

Updated

2022-01-06

CVE-2021-37569

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MediaTek microchips versions 2.0.2

Description The issue is related to the mishandling of IEEE 1905 protocols in MediaTek microchips, which can lead to an out-of-bounds write. This can potentially allow a remote attacker to elevate their privileges. The affected chipsets include MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, and MT7915.

Recommendations For version 2.0.2, consider disabling the handling of IEEE 1905 protocols until a patch is available. Restrict access to the vulnerable chipsets to minimize the risk of exploitation. Avoid using the affected chipsets in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2022-00189

CVE-2021-37569

Affected Products

Mt7603E

Mt7613

Mt7615

Mt7622

Mt7628

Mt7629

Mt7915

Mediatek Microchips

PT-2021-5746 · Mediatek · Mt7628+7

CVE-2021-37569

Weakness Enumeration

Related Identifiers

Affected Products

References · 7