CVE-2021-41788

Published: Dec 26, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle attempts at Wi-Fi authentication flooding. (Affected Chipsets MT7603E, MT7612, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0).

Affected (8)

Products: Mediatek: Mt7603e Firmware, Mt7612 Firmware, Mt7613 Firmware, Mt7615 Firmware, Mt7622 Firmware, Mt7628 Firmware, Mt7629 Firmware, Mt7915 Firmware

8 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7603e Firmware	Version 7.4.0.0

Running on/with	Platform Versions
Mediatek Mt7603e	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7612 Firmware	Version 7.4.0.0

Running on/with	Platform Versions
Mediatek Mt7612	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7613 Firmware	Version 7.4.0.0

Running on/with	Platform Versions
Mediatek Mt7613	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7615 Firmware	Version 7.4.0.0

Running on/with	Platform Versions
Mediatek Mt7615	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7622 Firmware	Version 7.4.0.0

Running on/with	Platform Versions
Mediatek Mt7622	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7628 Firmware	Version 7.4.0.0

Running on/with	Platform Versions
Mediatek Mt7628	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7629 Firmware	Version 7.4.0.0

Running on/with	Platform Versions
Mediatek Mt7629	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7915 Firmware	Version 7.4.0.0

Running on/with	Platform Versions
Mediatek Mt7915	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://corp.mediatek.com/product-security-bulletin/January-2022

Source: cve@mitre.org

Vendor Advisory

https://kb.netgear.com/000064369/Security-Advisory-for-WiFi-Authentication-Flooding-Vulnerabilities-on-Multiple-Products-PSV-2021-0299-PSV-2021-0301

Source: cve@mitre.org

Third Party Advisory

https://corp.mediatek.com/product-security-bulletin/January-2022

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://kb.netgear.com/000064369/Security-Advisory-for-WiFi-Authentication-Flooding-Vulnerabilities-on-Multiple-Products-PSV-2021-0299-PSV-2021-0301

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.