CVE-2021-35055

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write).

Published: Dec 26, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-35055
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
mediatek / mt7603e_firmware	7.4.0.0	7.4.0.0.x
mediatek / mt7612_firmware	7.4.0.0	7.4.0.0.x
mediatek / mt7613_firmware	7.4.0.0	7.4.0.0.x
mediatek / mt7615_firmware	7.4.0.0	7.4.0.0.x
mediatek / mt7622_firmware	7.4.0.0	7.4.0.0.x
mediatek / mt7628_firmware	7.4.0.0	7.4.0.0.x
mediatek / mt7629_firmware	7.4.0.0	7.4.0.0.x
mediatek / mt7915_firmware	7.4.0.0	7.4.0.0.x
mediatek / mt7620_firmware	7.4.0.0	7.4.0.0.x
mediatek / mt7610_firmware	7.4.0.0	7.4.0.0.x

Vulnerability Database

289,871

CVE-2021-35055