What's new

Kr00k protection for ASUS routers?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Which firmware version is needed to protect ASUS routers against Kr00k?

https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf

(if vulnerable; only the Asus RT-N12 is mentioned in the PDF?)

https://nvd.nist.gov/vuln/detail/CVE-2019-15126


https://apnews.com/Business Wire/077a62cfbba640ba8e7445efd3299778
Kr00k affects all devices with Broadcom and Cypress Wi-Fi chips that remain unpatched. These are the most common Wi-Fi chips used in today’s client devices. Wi-Fi access points and routers are also affected by the vulnerability, making even environments with patched client devices vulnerable. ESET tested and confirmed that among the vulnerable devices were client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (Redmi), as well as access points by Asus and Huawei.

ESET responsibly disclosed the vulnerability to the chip manufacturers Broadcom and Cypress, who subsequently released patches.

https://www.bleepingcomputer.com/ne...dcom-cypress-wifi-chips-leaks-sensitive-info/

This one lists some devices.
 
Last edited:
only the Asus RT-N12 is listed there for Asus.
 
Thanks for jumpimg right in and clarifying that. Who knew?

lol I didn't notice that at the end of his post.

As I wrote that reply while multitasking at work :)
 
Last edited:
All the ASUS routers/access points use the Broadcom chipset so I can’t imagine that the other router/access points would not be affected. Perhaps that was the only model that they tested.
 
I'm wondering the same thing as the OP. Does anyone know if Asus and/or Merlin has patched it's routers for kr00k? My RT-AC68U must be vulnerable because it's Broadcom based.
 
I would have thought this would be patched where necessary. I did try this attack on my own network, when I used to have a AC87U, and I vaguely remember it not working. That doesn't necessarily mean it is patched though. I'm sure the others will know better.
 
Broadcom makes tons of different chips. Some are clients, some are AP. That report provides very little information on which specific chips are affected (and the few they list are all older or client-only chip). I don't see for instance the BCM4366 used by the RT-AC88U.

Only Broadcom and/or Eset would know anything more.
 
Broadcom makes tons of different chips. Some are clients, some are AP. That report provides very little information on which specific chips are affected (and the few they list are all older or client-only chip). I don't see for instance the BCM4366 used by the RT-AC88U.

Only Broadcom and/or Eset would know anything more.

You are right I was trying to find more info on this last night.

This CVE posted above looks to have some of the chipsets listed but we still need more info.

https://nvd.nist.gov/vuln/detail/CVE-2019-15126
 
I contacted Asus chat support and asked if the RT-AC68U was affected by this CVE and if there was a firmware update to fix it. He gave me a canned response to update to the latest firmware and I asked him if he knew for sure that the latest Asus firmware fixed it (on Asus' firmware download page it does not list this CVE as being fixed in the last few firmware updates for my router) and he admitted that he didn't know and that he didn't find any official response to this as yet. He emailed me a form to fill out to elevate my question to a software engineer. I have sent the form back and will post their response when I get one.
 
I contacted Asus chat support and asked if the RT-AC68U was affected by this CVE and if there was a firmware update to fix it. He gave me a canned response to update to the latest firmware and I asked him if he knew for sure that the latest Asus firmware fixed it (on Asus' firmware download page it does not list this CVE as being fixed in the last few firmware updates for my router) and he admitted that he didn't know and that he didn't find any official response to this as yet. He emailed me a form to fill out to elevate my question to a software engineer. I have sent the form back and will post their response when I get one.

you can always email jack cheng asus asustraila rep
 
you can always email jack cheng asus asustraila rep
Sorry for my ignorance but where do I get his email address?

Asus support is now asking for my router config file, etc. and I don't see why they'd need that. They should be able to figure out if their routers are vulnerable to a particular CVE or not. I've already told them which firmware I'm using at this time. I don't feel comfortable emailing my config file around the internet.
 
Sorry for my ignorance but where do I get his email address?

Asus support is now asking for my router config file, etc. and I don't see why they'd need that. They should be able to figure out if their routers are vulnerable to a particular CVE or not. I've already told them which firmware I'm using at this time. I don't feel comfortable emailing my config file around the internet.


try jack_cheng@asus.com
 
https://threatpost.com/billions-of-devices-wifi-encryption-hack/153267/


005f34fd340b43472fb24834d732a7de.jpg
 
Is the Arris SB8200 effected? I bought an SB8200 to avoid the Intel Puma latency bug and ping of death bug. Now we have Kr00k effecting Broadcom chips. I'm on Cox and currently have SB8200 Hardware Version 6 and Software Version AB01.01.009.27_081619_183.0A.NSH. My router is running the latest RT-AC86U_384.15_0 firmware.

...while the source of the bug lies in the Wi-Fi chips, fortunately, it can be mitigated through software or firmware updates... Sounds similar to Intel's response about the Puma 5, 6, and 7 Series bugs. Broadcomm has a different bug but the fix is similar software or firmware vs replacing hardware. I bought an SB8200 with the Broadcom chipset to avoid the Intel Puma chipset issues I had with my TM3402 with a Puma 7 chip. Still have the Arris TM3402 but it's set up as a voice-only modem. SB8200 connects to my RT86-U and TM3402 is set up for voice only. I own the SB8200 and the cable company owns the TM3402 but doesn't charge rent on phone modems.
 
Beat me to it.
If I understand correctly, Kr00k would not be a problem if 'Protected Management Frames' worked with *all* existing kit. !!!

Tried enabling PMF 'Required' and all the phones dropped off the network.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top