CVE-2019-15126 (KrØØk vulnerability)

Apparently there’s another chip level security flaw in Broadcom and Cypress wifi chips that allows a bad actor to trick the chip running an encrypted wifi connection to change the key to zero, thus causing the wifi going forward to be unencrypted. This is now CVE-2019-15126. More info below. Are Pepwave products vulnerable to this, and if so, any ideas whether it can be fixed?

Report from ESET who discovered the flaw here:

News article for the rest of us here:


We do not use any Broadcom or Cypress Wi-Fi chipsets in any of our products so we are not affected by this exploit.