CVE-2021-41788
HIGH WAF: Medium
CVSS 7.5
Published: 2021-12-26
CWE-20
MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle attempts at Wi-Fi authentication flooding. (Affected Chipsets MT7603E, MT7612, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 7.4.0.0).
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
920xxx - Protocol Enforcement 941xxx - XSS / XXE 942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mediatek | mt7603e_firmware | 7.4.0.0 |
| mediatek | mt7612_firmware | 7.4.0.0 |
| mediatek | mt7613_firmware | 7.4.0.0 |
| mediatek | mt7615_firmware | 7.4.0.0 |
| mediatek | mt7622_firmware | 7.4.0.0 |
| mediatek | mt7628_firmware | 7.4.0.0 |
| mediatek | mt7629_firmware | 7.4.0.0 |
| mediatek | mt7915_firmware | 7.4.0.0 |
References
- corp.mediatek.com (Vendor Advisory)
- kb.netgear.com (Third Party Advisory)