kr00k: [UPDATED] ASUS Issues CVE-2019-15126 Fix for Selected Wireless Routers – Update your router’s firmware as soon as possible!

ASUS has silently released a fix for its Broadcom-based wireless routers for a serious flaw discovered on Broadcom-based Wi-Fi client devices. In layman’s terms, kr00k is a vulnerability that allows encrypted WPA2 Wi-Fi traffic between the wireless router and the wireless client to be decrypted.

The flaw was initially identified by a security company back on August 17, 2019, and almost one billion devices are affected. Adding insult to injury, a few wireless routers and wireless access points are also affected by kr00k, which leaves even client devices running the latest patch vulnerable. The company further recommends checking from time to time whether any new security patches have been issued for your device.

ASUS, on the other hand, has quietly issued a fix for its Broadcom-based wireless routers; however, not many users are aware of this.


Below are a few ASUS wireless router models identified as having been issued the CVE-2019-15126 fix.

| Wireless Protocol | Wireless Class | Model | Chipset | Download Site |
|---|---|---|---|---|
| 802.11ac | AC1900 | RT-AC68U | Broadcom BCM4708A0 | Download |
| 802.11ac | AC2900 | RT-AC86U | Broadcom BCM4906 | Download |
| 802.11ac | AC5300 | GT-AC5300 | Broadcom BCM4908 | Download |
| 802.11ax | AX3000 | RT-AX3000 | Broadcom BCM6750 | Download |

Currently, only the four models above have been issued the fix. It is still uncertain whether more Broadcom-based ASUS routers will receive the fix. If you’re using Asus-Merlin firmware for the AC68U and AC86U, it is still uncertain whether the fix will be patched in the upcoming 384.16 firmware.

UPDATE: As of the 22nd of March, 2020, the following models are now fixed for the kr00k (CVE-2019-15126) vulnerability: RT-N12D1, RT-AC1200G+, RT-AC5300, RT-AX88U, AiMesh AX6100 and GT-AX11000.

Source: ESET
