CVE-2019-15126 (KrØØk vulnerability)

Apparently there’s another chip level security flaw in Broadcom and Cypress wifi chips that allows a bad actor to trick the chip running an encrypted wifi connection to change the key to zero, thus causing the wifi going forward to be unencrypted. This is now CVE-2019-15126. More info below. Are Pepwave products vulnerable to this, and if so, any ideas whether it can be fixed?

Report from ESET who discovered the flaw here:
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf

News article for the rest of us here:
https://www.theregister.co.uk/2020/02/27/wifi_chip_bug_eset/

@mjburns,

We do not use any Broadcom or Cypress Wi-Fi chipsets in any of our products so we are not affected by this exploit.

Thanks

5 Likes