Chipset-level bugs linger: Researchers said the vulnerability highlights why protocol-stack implementation remains open to serious flaws. “This attack is both easy to execute and highly disruptive, underscoring that even mature and widely deployed network technologies can still yield new and serious attack vectors,” said Saumitra Das, vice president of engineering at Qualys. “Because the attack can be launched by an unauthenticated client, encryption alone offers little protection.”Das emphasized the role of fuzz testing in uncovering such issues. “Over the years, fuzzing has uncovered a wide range of vulnerabilities, including buffer overflows in drivers, denial-of-service conditions, remote code execution, and performance instability,” he said, adding that the complexity of the WiFi stack makes subtle flaws hard to eliminate.Broadcom’s PSIRT reportedly confirmed that a patched version of the affected software has been released to customers, with device manufacturers expected to integrate the fix into their own firmware distributions. ASUS also rolled out a fix in firmware version 3.0.0.6.102_37841 and later. CyRC said specific technical details of the vulnerability were intentionally withheld due to the risk of widespread exploitation across wireless infrastructure. Recommendations include segmenting wireless networks, auditing for end-of-life access points, prioritizing patches based on business criticality, and closely monitoring network edges.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4116064/high-severity-bug-in-broadcom-software-enables-easy-wifi-denial-of-service.html
