• October 05, 2024, 02:33:50 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: MediaTek WPS/IEEE-1905 Vulnerabilities: BadMesher - DIR-1750/1950  (Read 5795 times)

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752

For updated information, affected products, and firmware patches, visit https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10288


On October 29, 2021, D-Link became aware of a number of potential MediaTek WiFi vulnerabilities involving Wi-Fi WPS/IEEE-1905 called BadMesher & Authentication Flooding. As soon as D-Link was made aware of the reported security issues, we had promptly started our investigation and began developing security patches.

D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures.

Report information

BadMesher: New Attack Surfaces of Wi-Fi Mesh Network. A Black Hat Briefing publicly disclose the technical details on some of the Wi-Fi Mesh vulnerabilities in MediaTek Wi-Fi chipsets that could allow a proximate attacker (within Wi-Fi range of both the client device and the access point) to inject malicious packets containing illegal WPS IE and might cause device reboot, denial of service or possible escalation of privilege.

  • CVE-2021-32467 : Out-of-bounds Read
  • CVE-2021-32468 : Out-of-bounds Read
  • CVE-2021-32469 : Out-of-bounds Read
  • CVE-2021-35055 : Out-of-bounds Write
  • CVE-2021-37560 : Out-of-bounds Write
  • CVE-2021-37561 : Out-of-bounds Write
  • CVE-2021-37562 : Out-of-bounds Read
  • CVE-2021-37563 : Out-of-bounds Write
  • CVE-2021-37584 : Out-of-bounds Write
  • CVE-2021-41788 : Mishandle attempts at Wi-Fi authentication flooding

« Last Edit: February 22, 2022, 02:43:08 PM by GreenBay42 »
Logged