Broadcom patched high-severity DoS flaw in chipset software

ASUS RT-BE86U confirmed vulnerable; other models may be affected

Attack crashes 5 GHz Wi-Fi, requiring manual router restart

Broadcom has fixed a bug in its chipset software which allowed malicious actors to trigger denial of service (DoS) attacks on specific routers.

The vulnerability, which has not yet been assigned a CVE, was given a severity score of 8.4/10 (high), and customers are advised to reach out to Broadcom for more details about affected products, versions, and fixes.

Recently, security researchers from the Black Duck Cybersecurity Research Center (CyRC) were testing the interoperability of the Defensics® Fuzzing 802.11 protocol test suites with ASUS routers.

Denial of service on the router

Fuzzing, the technique behind Defensics Fuzzing, is an automated software security testing method that sends large volumes of malformed and random inputs to a system to see how it behaves. CyRC generated malformed 802.11 (Wi‑Fi) protocol traffic and sent it to ASUS routers to see what happened, and the router crashed.

“During testing, the CyRC team found Defensics anomaly test cases that caused the network to stop working until the router was manually reset,” the researchers said in a security advisory.

“This vulnerability allows an attacker to make the access point unresponsive to all clients and terminate any ongoing client connections. If data transmission to subsequent systems is ongoing, the data may become corrupted or, at minimum, the transmission will be interrupted.”

In theory, a threat actor could send a single frame over the air to the router, regardless of the configured network security level. Almost instantly, all clients on the 5 GHz network would lose their signal and would not be able to reconnect until the router is manually restarted. According to the researchers, Ethernet connections and the 2.4 GHz network are not affected by this bug.

A deeper investigation determined that the problem was in Broadcom chipset software, and after reaching out to the manufacturer, the company came back with a patch.

So far, at least one model has been found vulnerable: the ASUS RT-BE86U. However, CyRC said that other devices using the same wireless chipset and/or associated software “may be similarly affected”. To be sure, users are advised to reach out to Broadcom, since a comprehensive list of impacted products is not publicly available.

