There is an information disclosure vulnerability named Kr00k in Broadcom Wi-Fi chips. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic. (Vulnerability ID: HWPSIRT-2020-02164) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-15126. Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en
| Product Name | Affected Version | Resolved Product and Version |
|---|---|---|
| AP7030DE | V200R005C20 | V200R019C00SPC800 |
| | V200R006C00 | |
| | V200R006C10 | |
| | V200R006C20 | AP7000 V200R019C00SPC800 |
| | V200R007C10 | |
| | V200R007C20 | |
| | V200R008C00 | |
| | V200R008C10 | |
| | V200R010C00 | |
| | V200R019C00 | |
| AP9330DN | V200R005C20 | AP9000 V200R019C00SPC800 |
| | V200R006C00 | |
| | V200R006C10 | |
| | V200R006C20 | |
| | V200R007C10 | |
| | V200R007C20 | |
| | V200R008C00 | |
| | V200R008C10 | |
| | V200R010C00 | V200R019C00SPC800 |
| | V200R019C00 | |
By exploiting this vulnerability, an attacker may cause information disclosure.
The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).
Base Score: 3.1 (AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Temporal Score: 2.9 (E:F/RL:O/RC:C)
This vulnerability can be exploited only when the following conditions are present:
The attacker gains access to the adjacent network.
Vulnerability details:
There is an information disclosure vulnerability named Kr00k in Broadcom Wi-Fi chips. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic.
Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to the Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.
This vulnerability was publicly disclosed.
2020-07-17 V1.1 UPDATED Updated the "Software Versions and Fixes" section;
2020-05-27 V1.0 INITIAL
None