CVE-2021-37565

CVSS score: 8.2 HIGH

📋 TL;DR

This vulnerability in MediaTek Wi-Fi chipset software is an out-of-bounds read in the handling of IEEE 1905 protocol messages: the handler reads past the end of a received message. It affects NETGEAR and other devices built on the MediaTek chipsets listed below. A successful attack needs no authentication and can disclose memory contents from the device or crash the component that handles the protocol.

💻 Affected Systems

Products:
  • NETGEAR devices with MediaTek chipsets
  • Other devices using affected MediaTek chipsets
Versions: Software versions up to 2.0.2
Operating Systems: Embedded/Linux-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affected chipsets: MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915. Only firmware that actually runs the IEEE 1905 handling component is exposed; on consumer routers this component is usually present for mesh / Wi-Fi EasyMesh features, which are built on IEEE 1905.1.

📦 What is this software?

The MT76xx/MT79xx parts listed above are MediaTek Wi-Fi SoCs and radio chipsets used in consumer routers, access points and mesh nodes sold by NETGEAR and other OEMs; the OEM ships MediaTek's software as part of its own firmware image. IEEE 1905.1 is a home-network abstraction layer that lets Wi-Fi, Ethernet and powerline links be discovered and managed together and is the transport underneath Wi-Fi EasyMesh. Its messages (CMDUs, a fixed header followed by a list of TLVs) travel directly in Ethernet frames with EtherType 0x893A, not over IP.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise is the theoretical ceiling, but an out-of-bounds read on its own does not give code execution; reaching that would require chaining with a separate write primitive or using the leaked memory (addresses, keys or credentials held by the handling process) to defeat other protections. Information disclosure or denial of service is the realistic outcome of this bug alone.

🟠

Likely Case

Disclosure of memory belonging to the component that handles IEEE 1905 messages (which may include data from other network traffic or configuration it holds), or a crash of that component causing a service outage or device reboot.

🟢

If Mitigated

Limited impact: updated firmware removes the bug; until then, layer-2 segmentation confines the set of hosts that can reach the handler to the device's own LAN/Wi-Fi segment.

🌐 Internet-Facing: LOW - IEEE 1905 messages are raw Ethernet frames (EtherType 0x893A) and are not routed, so they cannot be sent from across the Internet; an attacker needs layer-2 adjacency on an interface where the device listens for IEEE 1905 (normally the LAN/Wi-Fi bridge, not the WAN port).
🏢 Internal Only: HIGH - any host on the same LAN or Wi-Fi segment, including a guest network that is bridged to the IEEE 1905 interfaces, can send the crafted frames without authentication.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending crafted IEEE 1905 CMDU frames (EtherType 0x893A) on a network segment where the device listens for IEEE 1905. No authentication or user interaction is involved; the handler reads beyond the end of the received message, so what the attacker gets back (or crashes) depends on what lies next to the receive buffer.
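The out-of-bounds read described above, as an added example in C that is not code from this page, from MediaTek, or from any shipping IEEE 1905 implementation. The CMDU and TLV layout is the one defined by IEEE 1905.1; the vulnerable handler (`first_tlv_copy_unchecked`), the hardened walker (`cmdu_walk_checked`), the copy-into-scratch-buffer behaviour and the 0xAA-filled arena that stands in for neighbouring process memory are constructed assumptions chosen to make the over-read observable without undefined behaviour. The demo frame is 15 bytes long but its TLV claims 32, so the unchecked copy hands back 28 bytes that were never on the wire; the checked walker rejects the same frame, which is also the condition a network monitor for this bug would look for.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* IEEE 1905.1 CMDU (Ethernet EtherType 0x893A): 8-byte header
 * [version, reserved, type(2), id(2), fragment_id, flags], then TLVs of
 * [tlv_type(1), tlv_length(2 big-endian), value], ended by type 0 / length 0. */
#define CMDU_HDR_LEN       8
#define TLV_HDR_LEN        3
#define TLV_END_OF_MESSAGE 0x00

static uint16_t rd16be(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Vulnerable pattern (hypothetical reconstruction, not MediaTek's code): the
 * first TLV's value is copied out using the attacker-controlled tlv_length
 * without comparing it to the bytes actually present in the frame.
 * Returns the number of bytes copied into out[]. */
size_t first_tlv_copy_unchecked(const uint8_t *frame, size_t frame_len,
                                uint8_t *out, size_t out_cap)
{
    size_t off = CMDU_HDR_LEN, len;

    if (frame_len < CMDU_HDR_LEN + TLV_HDR_LEN)
        return 0;
    len = rd16be(frame + off + 1);
    if (len > out_cap)                             /* guards the destination ... */
        len = out_cap;
    memcpy(out, frame + off + TLV_HDR_LEN, len);   /* ... but not the source */
    return len;
}

/* Hardened walk: every TLV header and value is checked against the bytes
 * remaining in the frame before it is read. Returns the number of TLVs before
 * end-of-message, or -1 if the CMDU is malformed (also the condition a network
 * monitor for this bug would alert on). */
int cmdu_walk_checked(const uint8_t *frame, size_t frame_len)
{
    size_t off = CMDU_HDR_LEN;
    int count = 0;

    if (frame_len < CMDU_HDR_LEN)
        return -1;
    for (;;) {
        uint8_t type;
        uint16_t len;

        if (frame_len - off < TLV_HDR_LEN)         /* TLV header truncated */
            return -1;
        type = frame[off];
        len = rd16be(frame + off + 1);
        off += TLV_HDR_LEN;
        if (len > frame_len - off)                 /* value runs past the frame */
            return -1;
        if (type == TLV_END_OF_MESSAGE)
            return len == 0 ? count : -1;
        off += len;                                /* a real handler parses value here */
        count++;
    }
}

/* Constructed demo (not a captured packet): a 15-byte CMDU at the start of a
 * larger arena whose remaining bytes, filled with 0xAA, stand in for whatever
 * the process keeps next to its receive buffer. */
#define ARENA_LEN   64
#define SECRET_BYTE 0xAA

struct demo_result {
    size_t leaked;        /* bytes the unchecked copy handed back */
    size_t secret_bytes;  /* how many of those came from beyond the frame */
    int    checked_rc;    /* hardened walker's verdict on the same frame */
};

struct demo_result run_demo(void)
{
    /* header: version 0, type 0x0000 (topology discovery), id 1, last fragment;
     * TLV type 0x01 (AL MAC address) claims 32 bytes, but only 4 follow. */
    static const uint8_t frame[] = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x80,
        0x01, 0x00, 0x20, 0xde, 0xad, 0xbe, 0xef
    };
    uint8_t arena[ARENA_LEN], out[ARENA_LEN];
    struct demo_result r = { 0, 0, 0 };
    size_t i;

    memset(arena, SECRET_BYTE, sizeof arena);
    memcpy(arena, frame, sizeof frame);
    r.leaked = first_tlv_copy_unchecked(arena, sizeof frame, out, sizeof out);
    for (i = 0; i < r.leaked; i++)
        if (out[i] == SECRET_BYTE)
            r.secret_bytes++;
    r.checked_rc = cmdu_walk_checked(arena, sizeof frame);
    return r;
}

/* Well-formed CMDU for contrast: one 6-byte AL MAC TLV, then end-of-message. */
int checked_walk_valid_frame(void)
{
    static const uint8_t frame[] = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x80,
        0x01, 0x00, 0x06, 0x02, 0x11, 0x22, 0x33, 0x44, 0x55,
        0x00, 0x00, 0x00
    };
    return cmdu_walk_checked(frame, sizeof frame);
}
```

`run_demo()` returns leaked = 32, secret_bytes = 28 and checked_rc = -1, while `checked_walk_valid_frame()` returns 1. The fix is the two comparisons in `cmdu_walk_checked`: the remaining bytes are compared against the TLV header size before the header is read, and against `tlv_length` before the value is touched, with the arithmetic ordered so it can never underflow.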

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2.0.2 (MediaTek's component version). End devices receive the fix only through their OEM's firmware, so the version that matters for a NETGEAR or other branded device is the OEM firmware release that incorporates MediaTek's January 2022 fix.

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/January-2022

Restart Required: Yes

Instructions:

1. Check the device model and the firmware version it is currently running.
2. Download the latest firmware for that model from the device vendor's (OEM's) website; MediaTek does not publish end-user firmware images.
3. Apply the firmware update through the device's web interface or management tool.
4. Reboot the device after the update and re-check the reported firmware version.

🔧 Temporary Workarounds

Disable IEEE 1905 protocol (all platforms): if the firmware exposes the option (where it exists it is usually tied to mesh / EasyMesh functionality), disable IEEE 1905 handling on affected devices. This also disables any mesh features that depend on it.

Network segmentation (all platforms): isolate affected devices from untrusted networks. Because IEEE 1905 is a layer-2 protocol, the segmentation has to be at layer 2 (separate VLAN, or separate SSID with client isolation); an IP firewall rule alone does not block these frames.

🧯 If You Can't Patch

  • Segment affected devices on isolated VLANs; since the protocol is layer 2, enable client isolation on the SSID and keep guest networks off the bridge the device uses for IEEE 1905
  • Implement network monitoring for anomalous IEEE 1905 traffic: EtherType 0x893A frames from MAC addresses that are not known mesh/1905 nodes, or frames whose TLV length fields exceed the frame length

🔍 How to Verify

Check if Vulnerable:

Identify the chipset (MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629 or MT7915) and the firmware version. The 2.0.2 figure is MediaTek's component version, which OEM firmware version numbers do not expose directly; if the OEM's release notes do not reference this CVE or a MediaTek security update from January 2022 or later, treat the device as vulnerable.

Check Version:

Check via device web interface under Administration or System Status, or use vendor-specific CLI commands.

Verify Fix Applied:

Verify that the firmware is updated beyond 2.0.2 (or, for OEM firmware, to a release whose notes reference this CVE or the MediaTek January 2022 bulletin) and check the vendor's patch notes.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected device reboots
  • Crash or restart messages for the component that handles IEEE 1905 (or kernel panic logs where the handler runs in the kernel)
  • Memory access violation (segmentation fault) errors

Network Indicators:

  • Anomalous IEEE 1905 protocol traffic: EtherType 0x893A frames from sources that are not known mesh/1905 nodes, or at unusual rates
  • IEEE 1905 frames whose TLV length fields exceed the frame length (malformed CMDUs)

SIEM Query:

Search for (pseudo-query; adapt field names to your SIEM): (device_model IN (affected_models) AND event_type IN ('crash', 'reboot')) OR (protocol='IEEE1905' AND anomaly_score > threshold)

🔗 References

  • MediaTek Product Security Bulletin, January 2022: https://corp.mediatek.com/product-security-bulletin/January-2022
  • NVD entry for CVE-2021-37565: https://nvd.nist.gov/vuln/detail/CVE-2021-37565
