- Broadcom has patched a high-severity DoS vulnerability in its chipset software
- ASUS RT-BE86U confirmed as vulnerable; other models may also be at risk
- Attack can crash 5G Wi-Fi, necessitating a manual router restart
Broadcom has addressed a significant flaw in its chipset software that could enable attackers to execute denial of service (DoS) attacks on certain routers.
This vulnerability, which has not yet received a CVE designation, has been rated with a severity score of 8.4 out of 10 (high). Users are encouraged to contact Broadcom for more information regarding affected products, versions, and available fixes.
Recently, security researchers from the Black Duck Cybersecurity Research Center (CyRC) tested the interoperability of the Defensics® Fuzzing tool with 802.11 protocol test suites on ASUS routers.
Denial of Service on the Router
Defensics Fuzzing is an automated software security testing technique that sends large volumes of malformed and random inputs to a system to observe its behavior. During their tests, CyRC generated malformed 802.11 (Wi-Fi) protocol traffic directed at ASUS routers, resulting in crashes.
“During testing, the CyRC team discovered Defensics anomaly test cases that caused the network to become nonfunctional until the router was manually reset,” the researchers noted in a security advisory.
“This vulnerability allows an attacker to render the access point unresponsive to all clients, terminating any ongoing client connections. If data transmission is in progress, it may become corrupted or, at the very least, interrupted.”
In theory, an attacker could send a single frame over the air to the router, irrespective of the configured network security level. Almost immediately, all clients on the 5G network would lose their connection and would be unable to reconnect until the router is manually restarted. Ethernet connections and the 2.4 GHz network remain unaffected by this issue.
A thorough investigation revealed that the issue stemmed from Broadcom's chipset software, prompting the manufacturer to issue a patch.
Currently, at least one model, the ASUS RT-BE86U, has been identified as vulnerable. However, CyRC indicated that other devices utilizing the same wireless chipset and/or associated software “may also be similarly affected.” Users are advised to contact Broadcom for confirmation, as a comprehensive list of impacted products is not publicly available.