Apparently there’s another chip level security flaw in Broadcom and Cypress wifi chips that allows a bad actor to trick the chip running an encrypted wifi connection to change the key to zero, thus causing the wifi going forward to be unencrypted. This is now CVE-2019-15126. More info below. Are Pepwave products vulnerable to this, and if so, any ideas whether it can be fixed?
Report from ESET who discovered the flaw here:
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
News article for the rest of us here:
https://www.theregister.co.uk/2020/02/27/wifi_chip_bug_eset/