CVE-2021-35055
First published: Sat Dec 25 2021(Updated: )
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0; Out-of-bounds write).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MediaTek MT7603E firmware | =7.4.0.0 | |
| MediaTek MT7603E firmware | ||
| MediaTek MT7612 firmware | =7.4.0.0 | |
| MediaTek MT7612 firmware | ||
| MediaTek MT7613 Firmware | =7.4.0.0 | |
| MediaTek MT7613 | ||
| MediaTek MT7615 Firmware | =7.4.0.0 | |
| MediaTek MT7615 Firmware | ||
| MediaTek MT7622 | =7.4.0.0 | |
| MediaTek MT7622 Firmware | ||
| mediatek mt7628 firmware | =7.4.0.0 | |
| MediaTek MT7628 | ||
| MediaTek MT7629 | =7.4.0.0 | |
| MediaTek MT7629 Firmware | ||
| mediatek mt7915 firmware | =7.4.0.0 | |
| Mediatek MT7915 | ||
| MediaTek MT7620 firmware | =7.4.0.0 | |
| MediaTek MT7620 | ||
| MediaTek MT7610 | =7.4.0.0 | |
| MediaTek MT7610 firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-35055.
Which devices are affected by this vulnerability?
This vulnerability affects MediaTek microchips as used in NETGEAR devices through 2021-11-11 and other devices.
What is the severity of CVE-2021-35055?
The severity of CVE-2021-35055 is critical with a CVSS score of 8.8.
How does this vulnerability impact the WPS protocol?
This vulnerability in MediaTek microchips mishandles the WPS (Wi-Fi Protected Setup) protocol.
How can I fix this vulnerability?
To fix this vulnerability, it is recommended to refer to the security advisories and patches provided by MediaTek and NETGEAR.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mediatek
- canonical/mediatek mt7603e firmware
- version/mediatek mt7603e firmware/7.4.0.0
- canonical/mediatek mt7612 firmware
- version/mediatek mt7612 firmware/7.4.0.0
- canonical/mediatek mt7613 firmware
- version/mediatek mt7613 firmware/7.4.0.0
- canonical/mediatek mt7613
- canonical/mediatek mt7615 firmware
- version/mediatek mt7615 firmware/7.4.0.0
- canonical/mediatek mt7622
- version/mediatek mt7622/7.4.0.0
- canonical/mediatek mt7622 firmware
- canonical/mediatek mt7628 firmware
- version/mediatek mt7628 firmware/7.4.0.0
- canonical/mediatek mt7628
- canonical/mediatek mt7629
- version/mediatek mt7629/7.4.0.0
- canonical/mediatek mt7629 firmware
- canonical/mediatek mt7915 firmware
- version/mediatek mt7915 firmware/7.4.0.0
- canonical/mediatek mt7915
- canonical/mediatek mt7620 firmware
- version/mediatek mt7620 firmware/7.4.0.0
- canonical/mediatek mt7620
- canonical/mediatek mt7610
- version/mediatek mt7610/7.4.0.0
- canonical/mediatek mt7610 firmware