ASUS has silently released a fix for its Broadcom-based wireless routers, addressing a serious flaw discovered in Broadcom-based Wi-Fi client devices. In layman's terms, kr00k is a vulnerability that allows encrypted WPA2 Wi-Fi traffic between a wireless router and a wireless client to be decrypted.
Initially identified by a security company on August 17, 2019, the flaw affects almost one billion devices. Adding insult to injury, a few wireless routers and wireless access points are also affected by kr00k, which leaves client devices vulnerable even when they are running the latest patch. The company further recommends checking from time to time whether any new security patches have been issued for your device.
ASUS, on the other hand, has quietly issued a fix for its Broadcom-based wireless routers, and not many users are aware of this.
Below are a few ASUS wireless router models identified as having received the CVE-2019-151126 fix.
Wireless Protocol | Wireless Class | Model | Chipset | Download Site |
---|---|---|---|---|
802.11ac | AC1900 | RT-AC68U | Broadcom BCM4708A0 | Download |
802.11ac | AC2900 | RT-AC86U | Broadcom BCM4906 | Download |
802.11ac | AC5300 | GT-AC5300 | Broadcom BCM4908 | Download |
802.11ax | AX3000 | RT-AX3000 | Broadcom BCM6750 | Download |
Currently, only the four models above have been issued the fix. It is still unclear whether more Broadcom-based ASUS routers will receive it. If you're using Asus-Merlin firmware for the AC68U and AC86U, it is still unclear whether the fix will be included in the upcoming 384.16 firmware.
UPDATE: As of the 22nd of March, 2020, the following models are now fixed for the kr00k (CVE-2019-151126) vulnerability: RT-N12D1, RT-AC1200G+, RT-AC5300, RT-AX88U, AiMesh AX6100 and GT-AX11000.
Source: ESET