CVE-2021-37560

moderate-risk

Published 2021-12-26

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write).

Do I need to act?

0.36% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.2/10 High

NETWORK / LOW complexity

Affected Products (10)

Mt7603E Firmware

Mt7612 Firmware

Mt7613 Firmware

Mt7615 Firmware

Mt7622 Firmware

Mt7628 Firmware

Mt7629 Firmware

Mt7915 Firmware

Mt7620 Firmware

Mt7610 Firmware

Affected Vendors

Mediatek

References (4)

Vendor Advisory https://corp.mediatek.com/product-security-bulletin/January-2022

Third Party Advisory https://kb.netgear.com/000064368/Security-Advisory-for-WiFi-WPS-and-IEEE-1905-Vu...

Vendor Advisory https://corp.mediatek.com/product-security-bulletin/January-2022

Third Party Advisory https://kb.netgear.com/000064368/Security-Advisory-for-WiFi-WPS-and-IEEE-1905-Vu...

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 1/34 · Minimal

Exposure 16/34 · Moderate