CVE-2021-32484 – This vulnerability allows remote attackers to c... (How to Fix)

Q: What is the severity of CVE-2021-32484?

CVE-2021-32484 has a CVSS score of 7.5 (HIGH). This vulnerability allows remote attackers to cause a denial of service via a heap buffer overflow in the 2G Radio Resource Management (RRM) modem component. It affects devices using MediaTek modems with the vulnerable firmware. No user interaction or special privileges are required for exploitation.

📋 TL;DR

This vulnerability allows remote attackers to cause a denial of service via a heap buffer overflow in the 2G Radio Resource Management (RRM) modem component. It affects devices using MediaTek modems with the vulnerable firmware. No user interaction or special privileges are required for exploitation.

💻 Affected Systems

Products:

MediaTek modem chipsets

Versions: Specific firmware versions with MOLY00500621 vulnerability

Operating Systems: Android and other OS using affected MediaTek modems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with 2G cellular capability using vulnerable MediaTek modem firmware.

📦 What is this software?

Modem by Mediatek

View all CVEs affecting Modem →

Modem by Mediatek

View all CVEs affecting Modem →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash requiring device reboot, potentially disrupting cellular connectivity and device functionality.

🟠

Likely Case

Temporary denial of service affecting cellular connectivity until device reboots.

🟢

If Mitigated

No impact if patched; limited impact if network controls block malicious 2G traffic.

🌐 Internet-Facing: MEDIUM - Requires proximity to cellular network but no authentication needed.

🏢 Internal Only: LOW - Primarily affects cellular network interfaces, not typical internal networks.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires sending specially crafted 2G network packets to vulnerable device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware with patch ID MOLY00500621

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/September-2021

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply MediaTek modem firmware update containing patch MOLY00500621. 3. Reboot device after update.

🔧 Temporary Workarounds

Disable 2G connectivity

android

Configure device to use only 3G/4G/5G networks to avoid 2G attack vector

Settings > Network & Internet > Mobile network > Preferred network type > Select 3G/4G/5G only

🧯 If You Can't Patch

Implement network-level filtering to block suspicious 2G traffic
Use device management policies to restrict cellular network access in high-risk environments

🔍 How to Verify

Check if Vulnerable:

Check modem firmware version against MediaTek security bulletin for affected versions

Check Version:

adb shell getprop | grep gsm.version.baseband (for Android devices)

Verify Fix Applied:

Verify modem firmware has been updated to version containing patch MOLY00500621

📡 Detection & Monitoring

Log Indicators:

Modem crash logs
Unexpected device reboots
Cellular connectivity loss events

Network Indicators:

Unusual 2G network traffic patterns
Malformed 2G protocol packets

SIEM Query:

EventID: DeviceCrash AND Source: Modem OR EventID: NetworkDisconnect AND Interface: Cellular

📊 Metadata

CVE ID: CVE-2021-32484

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-787

Published: September 9, 2021

Last Updated: November 21, 2024

🔗 References

https://corp.mediatek.com/product-security-bulletin/September-2021 Vendor Advisory
https://corp.mediatek.com/product-security-bulletin/September-2021 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-32484, you might also want to check these: