MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write).
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
History
21 Nov 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://corp.mediatek.com/product-security-bulletin/January-2022 - Vendor Advisory | |
References | () https://kb.netgear.com/000064368/Security-Advisory-for-WiFi-WPS-and-IEEE-1905-Vulnerabilities-on-Multiple-Products-PSV-2021-0298-PSV-2021-0300 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 8.2 |
10 Jan 2022, 18:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
CVSS |
v2 : v3 : |
v2 : 9.3
v3 : 8.8 |
CPE | cpe:2.3:h:mediatek:mt7628:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt7613:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:* cpe:2.3:o:mediatek:mt7610_firmware:7.4.0.0:*:*:*:*:*:*:* cpe:2.3:o:mediatek:mt7603e_firmware:7.4.0.0:*:*:*:*:*:*:* cpe:2.3:o:mediatek:mt7629_firmware:7.4.0.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt7612:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt7629:-:*:*:*:*:*:*:* cpe:2.3:o:mediatek:mt7628_firmware:7.4.0.0:*:*:*:*:*:*:* cpe:2.3:o:mediatek:mt7622_firmware:7.4.0.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt7620:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt7603e:-:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt7610:-:*:*:*:*:*:*:* cpe:2.3:o:mediatek:mt7915_firmware:7.4.0.0:*:*:*:*:*:*:* cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:* cpe:2.3:o:mediatek:mt7615_firmware:7.4.0.0:*:*:*:*:*:*:* cpe:2.3:o:mediatek:mt7612_firmware:7.4.0.0:*:*:*:*:*:*:* cpe:2.3:o:mediatek:mt7613_firmware:7.4.0.0:*:*:*:*:*:*:* cpe:2.3:o:mediatek:mt7620_firmware:7.4.0.0:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://corp.mediatek.com/product-security-bulletin/January-2022 - Vendor Advisory | |
References | (MISC) https://kb.netgear.com/000064368/Security-Advisory-for-WiFi-WPS-and-IEEE-1905-Vulnerabilities-on-Multiple-Products-PSV-2021-0298-PSV-2021-0300 - Third Party Advisory |
05 Jan 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write). | |
References |
|
26 Dec 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-26 00:15
Updated : 2024-11-21 06:15
NVD link : CVE-2021-37560
Mitre link : CVE-2021-37560
CVE.ORG link : CVE-2021-37560
JSON object : View
Products Affected
mediatek
- mt7613
- mt7612_firmware
- mt7622_firmware
- mt7615_firmware
- mt7628
- mt7615
- mt7603e
- mt7629_firmware
- mt7915
- mt7603e_firmware
- mt7612
- mt7610
- mt7620_firmware
- mt7915_firmware
- mt7622
- mt7610_firmware
- mt7613_firmware
- mt7628_firmware
- mt7629
- mt7620
CWE
CWE-787
Out-of-bounds Write