- Broadcom patched high-severity DoS flaw in chipset software
- ASUS RT-BE86U confirmed vulnerable; other models may be affected
- Attack crashes 5G Wi-Fi, requiring manual router restart
Broadcom has fixed a bug in its chipset software that allowed malicious actors to trigger denial of service (DoS) attacks on specific routers.
The vulnerability, which has not yet been assigned a CVE, has received a severity score of 8.4/10 (high), and customers are advised to contact Broadcom for further details on affected products, versions and patches.
Recently, security researchers from the Black Duck Cybersecurity Research Center (CyRC) tested the interoperability of Defensics® Fuzzing with 802.11 protocol test suites against ASUS routers.
Denial of service on the router
Defensics Fuzzing is an automated method of software security testing that sends large volumes of malformed and random input to a system to see how it behaves. CyRC generated malformed 802.11 (Wi‑Fi) protocol traffic and sent it to the Asus routers to see what happened – and the router crashed.
“During testing, the CyRC team discovered instances of Defensics anomaly testing that caused the network to shut down until the router was manually reset,” the researchers said in a security advisory.
“This vulnerability allows an attacker to make the access point unresponsive to all clients and terminate all ongoing client connections. If data transmission to subsequent systems is in progress, the data may be corrupted or, at a minimum, the transmission will be interrupted.”
In theory, a malicious actor could send a single frame over the air to the router, regardless of how secure the network is configured. Almost instantly, all clients on the 5G network will lose their signal and will only be able to reconnect when the router is manually restarted. Ethernet connections and the 2.4 GHz network are not affected by this bug, it was clarified.
Further investigation determined that the problem was with the Broadcom chipset software, and after contacting the manufacturer, the company came back with a fix.
So far, at least one model has been found vulnerable: the Asus RT-BE86U. However, CyRC said other devices using the same wireless chipset and/or associated software “could be similarly affected.” However, users are advised to contact Broadcom, as a complete list of affected products is not publicly available.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
