- Broadcom fixed a serious DoS bug in chipset software
- ASUS RT-BE86U confirmed vulnerable; other models may be affected
- Attack crashes 5GHz Wi-Fi, requiring manual restart of router
Broadcom has fixed a bug in its chipset software that allowed malicious actors to launch denial of service (DoS) attacks on specific routers.
The vulnerability, which has not yet been assigned a CVE, was given a severity score of 8.4/10 (high), and customers are advised to contact Broadcom for more details on affected products, versions and fixes.
Recently, security researchers from the Black Duck Cybersecurity Research Center (CyRC) tested the interoperability of Defensics® Fuzzing with 802.11 protocol test suites against ASUS routers.
Denial of service on the router
Defensics Fuzzing is an automated software security testing tool: it sends large amounts of malformed and random input to a system to see how it behaves. CyRC generated malformed 802.11 (Wi-Fi) protocol traffic, sent it to Asus routers to see what happened, and the router crashed.
“During testing, the CyRC team found Defensics anomaly test cases that caused the network to stop working until the router was manually reset,” the researchers said in a security advisory.
“This vulnerability allows an attacker to cause the access point to become unresponsive to all clients and terminate any ongoing client connections. If data transfer to downstream systems is in progress, the data could be corrupted or, at a minimum, the transmission would be interrupted.”
In theory, a threat actor could send a single frame wirelessly to the router, regardless of the configured network security level. Almost instantly, all clients on the 5GHz network would lose their signal and be unable to reconnect until the router is manually restarted. Ethernet connections and the 2.4GHz network are not affected by this bug, the advisory said.
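The symptom described above, every 5GHz client dropping at once and staying down while the 2.4GHz network keeps working, can be separated from ordinary roaming or a full reboot in client association records. The following is an added example, not code from CyRC, Broadcom or ASUS; the event tuples, thresholds and function name are constructed assumptions, not a real router log format.

```python
from collections import defaultdict

# Constructed sample events, not a real router log format:
# (seconds, client, band, event)
SAMPLE_EVENTS = [
    (0, "laptop", "5GHz", "assoc"),
    (0, "phone", "5GHz", "assoc"),
    (0, "tv", "5GHz", "assoc"),
    (0, "printer", "2.4GHz", "assoc"),
    (0, "camera", "2.4GHz", "assoc"),
    (40, "phone", "5GHz", "disassoc"),    # ordinary roaming: one client, rejoins
    (55, "phone", "5GHz", "assoc"),
    (300, "laptop", "5GHz", "disassoc"),  # every 5GHz client drops within ~1 s
    (300, "phone", "5GHz", "disassoc"),
    (301, "tv", "5GHz", "disassoc"),
    (600, "printer", "2.4GHz", "disassoc"),  # 2.4GHz keeps handling clients
    (602, "printer", "2.4GHz", "assoc"),
]


def find_band_outages(events, band="5GHz", drop_window=5, quiet_secs=120,
                      min_clients=2, end_time=None):
    """Return outages where `band` loses all clients and none come back."""
    events = sorted(events, key=lambda e: e[0])  # stable: keeps same-second order
    end_time = events[-1][0] if events and end_time is None else end_time
    connected = defaultdict(set)  # band -> clients currently associated
    drops = []                    # recent (time, client) disassocs on `band`
    outages = []
    for i, (t, client, b, kind) in enumerate(events):
        if kind == "assoc":
            connected[b].add(client)
            continue
        connected[b].discard(client)
        if b != band:
            continue
        drops = [d for d in drops if t - d[0] <= drop_window] + [(t, client)]
        if connected[band] or len(drops) < min_clients:
            continue  # band still serving someone, or too few clients to judge
        others_up = any(c for ob, c in connected.items() if ob != band)
        rejoined = any(e[2] == band and e[3] == "assoc" and e[0] <= t + quiet_secs
                       for e in events[i + 1:])
        # Require enough observation time after the drop to call it persistent.
        if others_up and not rejoined and end_time - t >= quiet_secs:
            outages.append({"time": t, "dropped": sorted(c for _, c in drops)})
    return outages


if __name__ == "__main__":
    print(find_band_outages(SAMPLE_EVENTS))
```

A hit from this check only says the pattern matches; confirming the cause still means checking with the vendor whether the device runs affected chipset software.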
A deeper investigation determined that the problem was in Broadcom chipset software, and after contacting the manufacturer, the company came back with a patch.
So far, at least one model has been found to be vulnerable: the Asus RT-BE86U. However, CyRC said other devices using the same wireless chipset and/or associated software “may be similarly affected”. To be sure, users are advised to contact Broadcom, as a comprehensive list of affected products is not publicly available.