CVE-2021-37567

8.2 HIGH

📋 TL;DR

This vulnerability in MediaTek wireless chipsets allows attackers to perform out-of-bounds reads via mishandled IEEE 1905 protocol packets. It affects NETGEAR and other devices using specified MediaTek chipsets, potentially exposing sensitive memory contents. The vulnerability requires network access to the affected wireless interface.

💻 Affected Systems

Products:
  • NETGEAR devices with specified MediaTek chipsets
  • Other devices using MediaTek MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915 chipsets
Versions: Software versions up to and including 2.0.2
Operating Systems: Embedded firmware on affected devices
Default Config Vulnerable: ⚠️ Yes
Notes: Devices must have IEEE 1905 protocol enabled and be using affected MediaTek chipsets. The vulnerability is in the chipset firmware, not the host operating system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Information disclosure of sensitive memory contents, potentially including authentication credentials, encryption keys, or other system data that could lead to further compromise.

🟠 Likely Case

Information leakage of adjacent memory contents, which could reveal system information or partial data that aids attackers in reconnaissance.

🟢 If Mitigated

No impact if proper network segmentation and access controls prevent unauthorized access to wireless interfaces.

🌐 Internet-Facing: MEDIUM - Devices with exposed wireless interfaces could be targeted, but exploitation requires specific IEEE 1905 protocol access.
🏢 Internal Only: MEDIUM - Internal attackers with network access to affected wireless interfaces could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted IEEE 1905 protocol packets to the vulnerable wireless interface. No authentication is required, but attackers need network access to the interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2.0.2

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/January-2022

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates.
2. Download latest firmware from vendor website.
3. Apply firmware update following manufacturer instructions.
4. Reboot device to activate patched firmware.

🔧 Temporary Workarounds

Disable IEEE 1905 protocol

all

Disable the IEEE 1905 protocol if not required for network functionality

Check device web interface or CLI for IEEE 1905/EasyMesh settings

Network segmentation

all

Isolate affected wireless interfaces from untrusted networks

Configure VLANs to separate wireless traffic
Implement firewall rules to restrict access to wireless interfaces

🧯 If You Can't Patch

  • Segment affected devices on isolated network segments
  • Implement strict firewall rules to limit access to wireless management interfaces

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version and chipset model. If the device uses a MediaTek MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, or MT7915 chipset with firmware version 2.0.2 or earlier, it is vulnerable.

Check Version:

Check device web interface or use manufacturer-specific CLI commands (varies by device)

Verify Fix Applied:

Verify that the firmware has been updated to a version after 2.0.2. Check vendor patch notes for specific fixed versions.

📡 Detection & Monitoring

Log Indicators:

  • Unusual IEEE 1905 protocol traffic
  • Memory access errors in system logs
  • Unexpected device reboots or instability

Network Indicators:

  • Unusual IEEE 1905 protocol packets to wireless interfaces
  • Traffic patterns suggesting reconnaissance of wireless interfaces

SIEM Query:

Search for IEEE 1905 protocol anomalies or memory access errors in device logs
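
One way to turn the "unusual IEEE 1905 protocol packets" indicator into a concrete check, as an added example that is not part of the advisory or any vendor tooling: a structural validator that flags 1905 frames whose TLV lengths run past the end of the frame. The advisory does not say which field is mishandled, so this is a generic well-formedness check, not a signature for this CVE; it assumes untagged Ethernet frames, and the sample frames are constructed.

```python
import struct

ETHERTYPE_1905 = 0x893A  # EtherType assigned to IEEE 1905.1
CMDU_HEADER_LEN = 8      # version, reserved, type(2), id(2), fragment id, flags
END_OF_MESSAGE = 0x00    # TLV type that terminates a CMDU

def check_1905_frame(frame: bytes) -> list:
    """Return structural anomalies found in one untagged Ethernet frame."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_1905:
        return []  # not 1905 traffic
    payload = frame[14:]
    if len(payload) < CMDU_HEADER_LEN:
        return ["truncated CMDU header"]
    offset = CMDU_HEADER_LEN
    while True:
        remaining = len(payload) - offset
        if remaining < 3:  # a TLV needs 1 byte of type and 2 bytes of length
            return ["TLV list ends without an end-of-message TLV"]
        tlv_type, tlv_len = struct.unpack_from("!BH", payload, offset)
        if tlv_len > remaining - 3:
            return [f"TLV 0x{tlv_type:02x} at offset {offset} declares "
                    f"{tlv_len} bytes, only {remaining - 3} present"]
        if tlv_type == END_OF_MESSAGE:
            return ["end-of-message TLV with non-zero length"] if tlv_len else []
        offset += 3 + tlv_len

def build_frame(tlvs: bytes) -> bytes:
    """Constructed sample: 1905 multicast dst, made-up src, minimal CMDU header."""
    eth = bytes.fromhex("0180c2000013" "020000000001") + struct.pack("!H", ETHERTYPE_1905)
    cmdu = struct.pack("!BBHHBB", 0, 0, 0x0000, 1, 0, 0x80)
    return eth + cmdu + tlvs

MAC = bytes.fromhex("020000000001")  # constructed, locally administered address
GOOD_FRAME = build_frame(b"\x01\x00\x06" + MAC + b"\x00\x00\x00")
BAD_FRAME = build_frame(b"\x01\x01\x00" + MAC + b"\x00\x00\x00")  # length says 256

if __name__ == "__main__":
    for name, frame in (("good", GOOD_FRAME), ("bad", BAD_FRAME)):
        print(name, check_1905_frame(frame) or "well-formed")
```

Feed it frames from a capture on the segment that carries the affected interfaces; any non-empty result is worth correlating with the log indicators above.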
