Wifi chip vulnerabilities CVE-2019-15126 and CVE-2020-3702

nurvummqxwifojwurw · August 19, 2020, 12:58pm

Dear Mikrotik society members

As this statement says:
https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
, ESET has found new type of vulnerabilities in Broadcom, Cypress and Qualcomm WiFi chips.

Many of Mikrotik routers are equipped with a Qualcomm chip (hAP ac2 , mAP lite , … )

1.) Are these products vulnerable to CVE-2019-15126 and CVE-2020-3702 ?
2.) Or which products are vulnerable ?
3.) Will the products be fixed via a RouterOS or Wifi chip firmware upgrade ?

Thank you very much

nurvummqxwifojwurw · August 26, 2020, 11:54am

please answer

msatter · August 26, 2020, 12:05pm

You could have used search on the first and second one:

http://forum.mikrotik.com/t/cve-2019-15126-aka-kr00k-security-issue/137200/3

normis · August 26, 2020, 12:13pm

There was one potential issue in Qualcomm chips, we have adressed it, it will be in changelog and blog when released.

CoMMyz · September 3, 2020, 10:01am

Can we get a port to the long-term branch for such serious security fixes?
Thank you

CarlitoxxPro · September 8, 2020, 7:04pm

In the most recent ROS Update (6.47.3) was implemented the fix for CVE-2020-3702 https://mikrotik.com/download/changelogs#show-tab-tree_1-id-feae79e125e62cdbec76f4cd82cd472f