CVE-2021-35055 – This vulnerability in MediaTek Wi-Fi chipsets a... (How to Fix)

Q: What is the severity of CVE-2021-35055?

CVE-2021-35055 has a CVSS score of 8.2 (HIGH). This vulnerability in MediaTek Wi-Fi chipsets allows attackers to execute arbitrary code or cause denial of service via an out-of-bounds write in WPS protocol handling. It affects NETGEAR and other devices using specified MediaTek chipsets. The vulnerability requires proximity to the wireless network but doesn't require authentication.

📋 TL;DR

This vulnerability in MediaTek Wi-Fi chipsets allows attackers to execute arbitrary code or cause denial of service via an out-of-bounds write in WPS protocol handling. It affects NETGEAR and other devices using specified MediaTek chipsets. The vulnerability requires proximity to the wireless network but doesn't require authentication.

💻 Affected Systems

Products:

NETGEAR routers and access points with MediaTek chipsets
Other devices using affected MediaTek Wi-Fi chipsets

Versions: Software versions up to and including 7.4.0.0

Operating Systems: Embedded firmware on affected devices

Default Config Vulnerable: ⚠️ Yes

Notes: Devices must have WPS enabled to be vulnerable. Affects chipsets: MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, persistent backdoor installation, and lateral movement within the network.

🟠

Likely Case

Denial of service causing Wi-Fi disruption, potential for limited code execution depending on exploit sophistication.

🟢

If Mitigated

Minimal impact with proper network segmentation and WPS disabled.

🌐 Internet-Facing: MEDIUM - Requires proximity to wireless network but doesn't need authentication.

🏢 Internal Only: HIGH - Internal attackers or compromised devices can exploit this without authentication.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires proximity to wireless network and WPS to be enabled. No public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 7.4.0.0

Vendor Advisory: https://kb.netgear.com/000064368/Security-Advisory-for-WiFi-WPS-and-IEEE-1905-Vulnerabilities-on-Multiple-Products-PSV-2021-0298-PSV-2021-0300

Restart Required: Yes

Instructions:

1. Check NETGEAR support site for your device model. 2. Download latest firmware. 3. Upload firmware via web interface. 4. Reboot device after update.

🔧 Temporary Workarounds

Disable WPS

all

Turn off Wi-Fi Protected Setup feature on affected devices

Network Segmentation

all

Isolate affected devices on separate VLANs

🧯 If You Can't Patch

Disable WPS feature immediately on all affected devices
Implement strict network segmentation to limit potential lateral movement

🔍 How to Verify

Check if Vulnerable:

Check device firmware version and WPS status in web interface. If version is 7.4.0.0 or earlier and WPS is enabled, device is vulnerable.

Check Version:

Check via device web interface under Administration or Firmware section

Verify Fix Applied:

Verify firmware version is newer than 7.4.0.0 in device administration interface.

📡 Detection & Monitoring

Log Indicators:

Multiple WPS connection attempts
Unexpected device reboots
Wi-Fi service disruptions

Network Indicators:

Unusual WPS protocol traffic
Malformed WPS packets
Wi-Fi beacon anomalies

SIEM Query:

source="router_logs" AND ("WPS" OR "Wi-Fi Protected Setup") AND ("error" OR "failure" OR "crash")

📊 Metadata

CVE ID: CVE-2021-35055

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CWE: CWE-787

Published: December 26, 2021

Last Updated: November 21, 2024

🔗 References

https://corp.mediatek.com/product-security-bulletin/January-2022 Vendor Advisory
https://kb.netgear.com/000064368/Security-Advisory-for-WiFi-WPS-and-IEEE-1905-Vulnerabilities-on-Multiple-Products-PSV-2021-0298-PSV-2021-0300 Third Party Advisory
https://corp.mediatek.com/product-security-bulletin/January-2022 Vendor Advisory
https://kb.netgear.com/000064368/Security-Advisory-for-WiFi-WPS-and-IEEE-1905-Vulnerabilities-on-Multiple-Products-PSV-2021-0298-PSV-2021-0300 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-35055, you might also want to check these: