WPS Protocol Vulnerability in MediaTek Chipsets Used by NETGEAR Devices
CVE-2021-32467

8.2HIGH

Key Information:

Vendor: Mediatek
Status: Mt7603e Firmware
Vendor: CVE Published:; 26 December 2021

Summary

MediaTek chipsets, deployed in a range of NETGEAR devices, contain vulnerabilities related to the Wifi Protected Setup (WPS) protocol. This flaw allows for mishandling of input, specifically leading to potential out-of-bounds reads that could be exploited by an attacker. Device models utilizing affected chipsets like MT7603E, MT7610, MT7612, and others are particularly susceptible. Users are recommended to apply security updates to mitigate these vulnerabilities as outlined in advisories from NETGEAR and MediaTek.

References

https://kb.netgear.com/000064368/Security-Advisory-for-Wi...

x_refsource_MISC

https://corp.mediatek.com/product-security-bulletin/Janua...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2021
Vulnerability Reserved
May 7, 2021