CVE-2021-37563

8.2 HIGH

📋 TL;DR

This vulnerability in MediaTek Wi-Fi chipsets allows attackers to execute arbitrary code or cause denial of service via an out-of-bounds write during WPS protocol handling. It affects NETGEAR and other devices using specified MediaTek chipsets with firmware version 7.4.0.0. The vulnerability requires proximity to the wireless network but can be exploited without authentication.

💻 Affected Systems

Products:
  • NETGEAR routers and access points with MediaTek chipsets
  • Other devices using affected MediaTek chipsets
Versions: Firmware version 7.4.0.0
Operating Systems: Embedded/Linux-based router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists when WPS is enabled; many devices enable WPS by default. Affects chipsets: MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, network infiltration, and persistent backdoor installation.

🟠 Likely Case: Denial of service causing Wi-Fi disruption, potential device crash/reboot, and limited information disclosure.

🟢 If Mitigated: No impact if WPS is disabled or devices are patched; otherwise, denial of service remains possible.

🌐 Internet-Facing: MEDIUM - Requires proximity to wireless network but no authentication needed; affects consumer/enterprise networking equipment.
🏢 Internal Only: MEDIUM - Same exploit requirements but limited to internal wireless networks; could facilitate lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires proximity to wireless network and WPS protocol knowledge. No public exploit code available as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor-specific firmware updates (NETGEAR released patches in January 2022)

Vendor Advisory: https://kb.netgear.com/000064368/Security-Advisory-for-WiFi-WPS-and-IEEE-1905-Vulnerabilities-on-Multiple-Products-PSV-2021-0298-PSV-2021-0300

Restart Required: Yes

Instructions:

1. Check NETGEAR support site for your device model.
2. Download latest firmware.
3. Upload via web interface.
4. Reboot device.
5. Verify firmware version updated.

🔧 Temporary Workarounds

Disable WPS

all

Turn off Wi-Fi Protected Setup feature to prevent exploitation

Network segmentation

all

Isolate affected devices on separate VLANs to limit potential impact

🧯 If You Can't Patch

  • Disable WPS immediately in device administration interface
  • Implement network monitoring for WPS protocol anomalies and device crashes

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version and WPS status in the administration interface. If the firmware is 7.4.0.0 and WPS is enabled, the device is vulnerable.

Check Version:

Device-specific; typically via web interface at Status > Firmware or using CLI commands for advanced devices

Verify Fix Applied:

Verify firmware version is updated beyond 7.4.0.0 and check vendor patch notes for CVE-2021-37563 inclusion.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device reboots
  • WPS protocol errors
  • Memory corruption warnings in system logs

Network Indicators:

  • Abnormal WPS protocol traffic patterns
  • Multiple WPS connection attempts from single source

SIEM Query:

Search for: (device_type:router OR device_type:ap) AND (event:"WPS error" OR event:"memory corruption" OR event:"unexpected reboot")
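
The log and network indicators above can be correlated offline when no SIEM is available. The following is an added example, not part of the vendor advisory: the syslog layout, the message wording, the thresholds and the function name `detect` are all assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The syslog layout and message wording are
# assumptions for this example, not real NETGEAR or MediaTek log output.
SAMPLE_LOG = """\
2022-01-10T09:00:01 ap01 wifi: WPS error src=02:00:00:aa:bb:01
2022-01-10T09:00:05 ap01 wifi: WPS error src=02:00:00:aa:bb:01
2022-01-10T09:00:09 ap01 wifi: WPS error src=02:00:00:aa:bb:01
2022-01-10T09:00:20 ap01 kernel: unexpected reboot
2022-01-10T09:10:00 ap02 wifi: WPS error src=02:00:00:cc:dd:02
2022-01-10T11:30:00 ap02 kernel: unexpected reboot
"""

LINE = re.compile(
    r"^(\S+) (\S+) \w+: (WPS error|memory corruption|unexpected reboot)(?: src=(\S+))?"
)

def detect(log_text, burst=3, window=timedelta(seconds=60),
           crash_gap=timedelta(minutes=5)):
    """Flag WPS error bursts per source and crashes that closely follow WPS errors."""
    alerts = []
    recent = defaultdict(deque)  # (device, src) -> WPS error times inside the window
    last_wps = {}                # device -> time of its most recent WPS error
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue             # not one of the three indicator events
        ts, device, event, src = datetime.fromisoformat(m[1]), m[2], m[3], m[4]
        if event == "WPS error":
            last_wps[device] = ts
            q = recent[(device, src)]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()      # drop errors older than the window
            if len(q) >= burst:
                alerts.append(("wps_burst", device, src))
                q.clear()        # the next alert needs a fresh burst
        elif device in last_wps and ts - last_wps[device] <= crash_gap:
            # Reboot or memory corruption shortly after WPS errors on the same device
            alerts.append(("crash_after_wps", device, event))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the constructed sample, the reboot on ap01 is flagged because it follows a burst of WPS errors within seconds, while the reboot on ap02 hours after a single WPS error is not.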
