Out-of-Bounds Write Vulnerability in NETGEAR Devices Using MediaTek Chipsets
CVE-2021-35055

8.2HIGH

Key Information:

Vendor: Mediatek
Status: Mt7603e Firmware
Vendor: CVE Published:; 26 December 2021

Summary

MediaTek microchips used in certain NETGEAR devices mishandle the Wi-Fi Protected Setup (WPS) protocol, leading to an out-of-bounds write vulnerability. This flaw can allow unauthorized access or manipulation of data, impacting device integrity and security. The vulnerability affects a range of MediaTek chipsets, which have been integrated into NETGEAR devices prior to November 11, 2021. Users are encouraged to review security patches and advisories released by NETGEAR and MediaTek to mitigate risks.

References

https://kb.netgear.com/000064368/Security-Advisory-for-Wi...

x_refsource_MISC

https://corp.mediatek.com/product-security-bulletin/Janua...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2021
Vulnerability Reserved
Jun 21, 2021