HomePentest-Tools.com Logo

Huawei Data Communication: Information Disclosure Vulnerability (huawei-sa-20200527-01-wifi-en, Kr00k) CVE-2019-15126

Severity
CVSSv3 Score
3.1
Vulnerability description

Huawei Data Communication devices are prone to an information disclosure vulnerability dubbed Kr00k.

Risk description

An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device. The flaw lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 5, 2020
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available