Huawei Data Communication: Information Disclosure Vulnerability (huawei-sa-20200527-01-wifi-en, Kr00k) CVE-2019-15126
- CVSSv3 Score
- Vulnerability description
Huawei Data Communication devices are prone to an information disclosure vulnerability dubbed Kr00k.
- Risk description
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device. The flaw lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic.
See the referenced vendor advisory for a solution.
- Not available