What's new

Kr00k vulnerability 2020

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Some already did. Examples for some popular ASUS models:

ASUS RT-AC66U-B1 Firmware version 3.0.0.4.385.20253
- Fixed CVE-2019-15126 (Kr00k) vulnerability.

ASUS RT-AC68U Firmware version 3.0.0.4.385.20253
- Fixed CVE-2019-15126 (Kr00k) vulnerability.

ASUS RT-AC86U Firmware version 3.0.0.4.384.81352
- Fixed CVE-2019-15126 (Kr00k) vulnerability

ASUS RT-AX88U Firmware version 3.0.0.4.384.7997
- Fixed CVE-2019-15126 (Kr00k) vulnerability.
 
What about the rest ?
They need to get fined if they don’t patch it in an acceptable timeframe, I think they will blame it on the pandemic.

* Asus patched RT-AC88U too
 
They need to get fined...

If you read carefully what Kr00k actually is, you'll find it's a bug allowing decryption of limited amount of packages in a very specific moment. It's not like a door to your network or anything close. The eventual attacker should be in range of your WiFi and still doesn't have full access to transmitted data.
 
They need to get fined if they don’t patch it in an acceptable timeframe, I think they will blame it on the pandemic.

This security hole has a risk score of 3.1 out of 10 with NVD. There is absolutely zero reason to panic about this.

Beside, this is a client issue. Routers are not at risk if they are running as routers/access points.
 
Some already did. Examples for some popular ASUS models:

ASUS RT-AC66U-B1 Firmware version 3.0.0.4.385.20253
- Fixed CVE-2019-15126 (Kr00k) vulnerability.

ASUS RT-AC68U Firmware version 3.0.0.4.385.20253
- Fixed CVE-2019-15126 (Kr00k) vulnerability.

ASUS RT-AC86U Firmware version 3.0.0.4.384.81352
- Fixed CVE-2019-15126 (Kr00k) vulnerability

ASUS RT-AX88U Firmware version 3.0.0.4.384.7997
- Fixed CVE-2019-15126 (Kr00k) vulnerability.


Version 3.0.0.4.384.86812020/03/1960.2 MBytes

ASUS RT-AX92U Firmware version 3.0.0.4.384.8681
- Fixed CVE-2019-15126 (Kr00k) vulnerability.
 
Can router manufacturers step in and fix it ?

I suggest you go ask them all and come back and let us know what they say.

OE
 
Similar threads
Thread starter Title Forum Replies Date
C TP-Link Archer High Vulnerability General Network Security 4

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top