CVE-2021-37561

8.2 HIGH

📋 TL;DR

An out-of-bounds write in the WPS (Wi-Fi Protected Setup) implementation of MediaTek's Wi-Fi chipset software lets an unauthenticated attacker within Wi-Fi range of the device crash it or execute arbitrary code on it. Affected products include NETGEAR routers and other devices built on the listed MediaTek chipsets. Because WPS is an over-the-air protocol, exploitation requires radio proximity to the target network, but a successful attack can fully compromise the device.

💻 Affected Systems

Products:
  • NETGEAR routers with MediaTek chipsets
  • Other devices using affected MediaTek chipsets
Versions: Software version 7.4.0.0 and earlier
Operating Systems: Embedded firmware on affected devices
Default Config Vulnerable: ⚠️ Yes
Notes: Affects chipsets: MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915

📦 What is this software?

The MediaTek MT76xx and MT7915 parts are Wi-Fi chipsets and Wi-Fi router SoCs found in many consumer routers and access points. Device vendors such as NETGEAR ship MediaTek's Wi-Fi software stack, including its WPS (Wi-Fi Protected Setup) implementation, inside their own firmware images, which is why the fix reaches users only through a vendor firmware update rather than directly from MediaTek.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full device compromise, persistence, network pivoting, and data interception

🟠

Likely Case

Device takeover enabling network monitoring, credential theft, and botnet recruitment

🟢

If Mitigated

Limited impact if WPS is disabled and proper network segmentation is implemented

🌐 Internet-Facing: LOW - WPS runs over 802.11 frames on the Wi-Fi interface and cannot be reached from the WAN side, so a router being exposed to the Internet does not by itself expose this bug
🏢 Internal Only: HIGH - Anyone within radio range of the network (a parking lot, a neighbouring unit) can attempt exploitation without credentials

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires being within Wi-Fi range of the target and exchanging WPS messages with it; no network credentials are needed, and WPS is enabled by default on many consumer routers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: No single version number applies; MediaTek supplied the fix to device vendors, so check the firmware release notes for your specific model

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/January-2022

Restart Required: Yes

Instructions:

1. Check the NETGEAR or device manufacturer support site for a firmware update for your model.
2. Download the latest firmware for your exact model and hardware revision.
3. Upload it through the device admin interface (firmware update page).
4. Reboot the device and confirm the new version is shown.

🔧 Temporary Workarounds

Disable WPS

Applies to: all affected devices

Turn off the Wi-Fi Protected Setup feature in the wireless settings of the device admin interface (on dual-band routers, check the setting for both radios).

Network Segmentation

Applies to: all affected devices

Isolate affected devices from critical network segments so that a compromised router cannot reach them directly.

🧯 If You Can't Patch

  • Disable WPS functionality immediately
  • Replace affected devices with non-MediaTek alternatives

🔍 How to Verify

Check if Vulnerable:

Confirm the device uses one of the listed MediaTek chipsets (vendor spec sheet or teardown information for the model) and compare the installed firmware version against the vendor's advisory for that model.

Check Version:

Read the firmware version from the device admin interface (usually the status or administration page) or via the vendor's CLI where one exists.

Verify Fix Applied:

Confirm the firmware version is at or above the fixed release named by the vendor, and that WPS is disabled. A Wi-Fi scan from a nearby client (for example `iw dev wlan0 scan`) that still shows a WPS information element for the router's BSSID means WPS is still being advertised regardless of what the admin UI says.
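A concrete way to do that last check without trusting the admin UI is to inspect the information elements the router broadcasts. The Python below is an added example, not code from the advisory or from any vendor firmware: it parses a beacon/probe-response tagged-parameters blob, finds the WPS vendor-specific IE (Microsoft OUI 00:50:F2, type 4) and decodes the WPS attributes that matter here. The two sample frame bodies are constructed by hand to show the same AP before and after WPS is switched off; to check a real router, feed it the IE bytes from a capture of its beacons.

```python
"""Decide from 802.11 information elements whether an AP advertises WPS.

Added example, not from the advisory or from MediaTek/NETGEAR firmware.
The sample frame bodies are constructed; only the IE layout (element ID,
length, value) and the WSC attribute IDs below are real.
"""
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # Microsoft OUI 00:50:F2, type 4 = WPS

# Attribute IDs from the Wi-Fi Simple Configuration specification
ATTR_VERSION = 0x104A
ATTR_WPS_STATE = 0x1044           # 1 = not configured, 2 = configured
ATTR_SELECTED_REGISTRAR = 0x1041  # 1 while a registrar session is open
ATTR_DEVICE_PASSWORD_ID = 0x1012  # 0 = PIN (default), 4 = push button
ATTR_AP_SETUP_LOCKED = 0x1057     # 1 after too many failed PIN attempts
ATTR_CONFIG_METHODS = 0x1008


def iter_ies(body):
    """Yield (element_id, value) for each IE in a tagged-parameters blob."""
    off = 0
    while off + 2 <= len(body):
        eid, ln = body[off], body[off + 1]
        off += 2
        if off + ln > len(body):
            raise ValueError("truncated IE at offset %d" % (off - 2))
        yield eid, body[off:off + ln]
        off += ln


def parse_wps_attrs(payload):
    """Parse the big-endian TLV attributes that follow the OUI+type."""
    attrs = {}
    off = 0
    while off + 4 <= len(payload):
        atype, alen = struct.unpack_from(">HH", payload, off)
        off += 4
        if off + alen > len(payload):
            raise ValueError("truncated WPS attribute 0x%04x" % atype)
        attrs[atype] = payload[off:off + alen]
        off += alen
    return attrs


def _u8(attrs, a):
    return attrs[a][0] if a in attrs else None


def _u16(attrs, a):
    return struct.unpack(">H", attrs[a])[0] if a in attrs else None


def wps_status(body):
    """Return None if no WPS IE is present, else a dict of the key attributes."""
    for eid, val in iter_ies(body):
        if eid == 0xDD and val[:4] == WPS_OUI_TYPE:
            attrs = parse_wps_attrs(val[4:])
            return {
                "wps_advertised": True,
                "wps_state": _u8(attrs, ATTR_WPS_STATE),
                "selected_registrar": _u8(attrs, ATTR_SELECTED_REGISTRAR) == 1,
                "ap_setup_locked": _u8(attrs, ATTR_AP_SETUP_LOCKED) == 1,
                "device_password_id": _u16(attrs, ATTR_DEVICE_PASSWORD_ID),
                "config_methods": _u16(attrs, ATTR_CONFIG_METHODS),
            }
    return None


def build_ie(eid, value):
    return bytes([eid, len(value)]) + value


def build_wps_attr(atype, value):
    return struct.pack(">HH", atype, len(value)) + value


# Constructed sample: SSID IE plus a WPS IE as a consumer AP with WPS enabled
# (state = configured, PIN method, push-button and display supported).
SAMPLE_WPS_ENABLED = (
    build_ie(0x00, b"MyHomeWiFi")
    + build_ie(0xDD, WPS_OUI_TYPE
               + build_wps_attr(ATTR_VERSION, b"\x10")
               + build_wps_attr(ATTR_WPS_STATE, b"\x02")
               + build_wps_attr(ATTR_DEVICE_PASSWORD_ID, b"\x00\x00")
               + build_wps_attr(ATTR_CONFIG_METHODS, b"\x00\x88"))
)
# Same AP after WPS is disabled: SSID and supported-rates IEs only.
SAMPLE_WPS_DISABLED = build_ie(0x00, b"MyHomeWiFi") + build_ie(0x01, b"\x82\x84\x8b\x96")

if __name__ == "__main__":
    print("before:", wps_status(SAMPLE_WPS_ENABLED))
    print("after :", wps_status(SAMPLE_WPS_DISABLED))
```

`selected_registrar` true in a beacon means a WPS registration is in progress right now, and `ap_setup_locked` means the AP has already rate-limited PIN attempts; both are worth recording when you scan a fleet, not just the presence of the IE.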

📡 Detection & Monitoring

Log Indicators:

  • WPS session failures from client MAC addresses that are not your own devices
  • Bursts of failed WPS attempts from a single MAC within a short window
  • Firmware image changes or admin logins that no administrator initiated

Network Indicators:

  • WPS frames from unknown clients, where you have wireless monitoring in place
  • Unexpected reboots or Wi-Fi daemon restarts: a failed out-of-bounds write usually crashes the target rather than compromising it
  • New or unusual outbound connections originating from the router itself

SIEM Query (illustrative field names; map them to your log schema):

device_type:router AND (event_type:wps_anomaly OR event_type:firmware_change)
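The log indicators above can be turned into a small detector. The Python below is an added example (not from the advisory or from any vendor) that reads syslog-style lines, counts WPS session failures per client MAC within a sliding window, and flags a reboot that closely follows WPS activity, which is how a crashed Wi-Fi daemon looks from the log. The message text is constructed for illustration: MediaTek-based routers do not share one log format, so the regular expressions are the part to adapt to what your device actually emits.

```python
"""Flag WPS abuse patterns in router syslog lines.

Added example, not from the advisory. Log line format and messages are
constructed; adapt LINE_RE / WPS_FAIL_RE / REBOOT_RE to your device.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed format: "<Mon> <day> <HH:MM:SS> <host> <tag>: <message>"
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (\S+?): (.*)$")
WPS_FAIL_RE = re.compile(
    r"WPS: .*?(?:fail|invalid|malformed).*?([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)
REBOOT_RE = re.compile(r"Booting Linux|system restarted|watchdog reset", re.I)


def parse_line(line):
    """Return (timestamp, host, message) or None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")  # year-less syslog stamp
    return ts, m.group(2), m.group(4)


def detect(lines, fail_threshold=3, fail_window_s=60, reboot_window_s=120):
    """Return alert strings for WPS failure bursts and post-WPS reboots."""
    alerts = []
    fails = defaultdict(deque)  # client MAC -> recent failure timestamps
    flagged = set()             # MACs already alerted on
    last_wps = None             # timestamp of the most recent WPS message
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        ts, host, msg = parsed
        if "WPS" in msg:
            last_wps = ts
        fm = WPS_FAIL_RE.search(msg)
        if fm:
            mac = fm.group(1).lower()
            q = fails[mac]
            q.append(ts)
            while (ts - q[0]).total_seconds() > fail_window_s:  # slide the window
                q.popleft()
            if len(q) >= fail_threshold and mac not in flagged:
                flagged.add(mac)
                alerts.append(f"{host}: {len(q)} failed WPS sessions from {mac} "
                              f"within {fail_window_s}s")
        elif REBOOT_RE.search(msg) and last_wps is not None:
            gap = (ts - last_wps).total_seconds()
            if 0 <= gap <= reboot_window_s:
                alerts.append(f"{host}: reboot {int(gap)}s after WPS activity "
                              f"(possible crash of the Wi-Fi daemon)")
            last_wps = None
    return alerts


# Constructed sample log: one client hammers WPS with malformed messages, the
# router reboots half a minute later, and a single legitimate PIN typo follows.
SAMPLE_LOG = """\
Jan 14 03:11:58 rt-home wlan0: WPS: received M1 from 02:aa:bb:cc:dd:ee
Jan 14 03:12:01 rt-home wlan0: WPS: session failed, malformed M2 from 02:aa:bb:cc:dd:ee
Jan 14 03:12:05 rt-home wlan0: WPS: session failed, malformed M2 from 02:aa:bb:cc:dd:ee
Jan 14 03:12:09 rt-home wlan0: WPS: session failed, malformed M2 from 02:aa:bb:cc:dd:ee
Jan 14 03:12:30 rt-home dhcpd: lease 192.168.1.23 to 10:20:30:40:50:60
Jan 14 03:12:41 rt-home kernel: Booting Linux on physical CPU 0x0
Jan 14 09:40:12 rt-home wlan0: WPS: session failed, PIN mismatch from 10:20:30:40:50:60
""".splitlines()

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print("ALERT", a)
```

Tune `fail_threshold` to your environment: legitimate users mistype a PIN once or twice, while an exploit attempt against a parser bug tends to produce several malformed sessions in seconds, usually followed by the crash.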
