A notable Wi-Fi vulnerability has been identified that could allow attackers to disrupt home and business networks,possibly cutting off internet access with a single,skillfully crafted packet. The flaw, discovered by Black duck Cybersecurity in software powering Broadcom chips, currently has a high severity rating despite not yet receiving a public CVE designation.Experts are urging users to verify their device status with manufacturers and apply available security updates to mitigate the risk of denial-of-service attacks targeting the commonly used 5 ghz Wi-Fi band.
Wi-Fi Vulnerabilities
Wi-Fi Vulnerabilities
A recently discovered security flaw in Wi-Fi technology could allow attackers to disrupt wireless networks, potentially cutting off internet access for users and forcing manual router restarts. The vulnerability underscores the ongoing challenges of securing the increasingly complex wireless infrastructure that powers modern connectivity.
Black Duck Cybersecurity, a research firm specializing in application security, identified a security issue within software powering chips developed by Broadcom. The flaw enables attackers to launch denial-of-service (DoS) attacks against specific wireless router models.
Despite not yet being logged in the widely-used CVE database, the vulnerability received a high severity rating of 8.4 out of 10.
The company is advising affected users to contact them directly for details on impacted products, affected software versions, and available security updates.
How Was the Wi-Fi Vulnerability Discovered?
The flaw was uncovered during security testing conducted by Black Duck researchers while evaluating the compatibility of Defensics Fuzzing tools with the 802.11 protocol used in Wi-Fi networks. Testing focused on routers manufactured by Asus.
Defensics Fuzzing works by sending large volumes of random or malformed data to targeted systems to analyze how they handle unexpected inputs and identify potential weaknesses.
During testing, researchers generated and transmitted corrupted data over a Wi-Fi network to the routers, causing them to crash and the network to become unresponsive.
Researchers confirmed in a security advisory that some unusual test cases completely disabled the network, requiring a manual router reboot to restore connectivity.
Wi-Fi Network Disruption with a Single Packet
The report indicates that, theoretically, the attack can be executed with a single packet sent to the router, regardless of the network’s security level or protection settings.
In such a scenario, all devices connected to a 5 GHz Wi-Fi network would lose connection almost immediately and be unable to reconnect without a manual router restart.
Researchers clarified that the vulnerability affects wireless communications over the 5 GHz band, while wired Ethernet connections or Wi-Fi networks operating on the 2.4 GHz band remain unaffected.
Affected Devices and Recommendations
The root cause of the issue lies in the software powering Broadcom’s wireless communication chips, which has since released a security update to address the problem.
Currently, at least one device – the Asus RT-BE86U – has been confirmed as affected, but researchers warn that other devices using the same chip or related software may also be vulnerable.
Due to the lack of a comprehensive official list of affected devices, experts recommend that users contact Broadcom or their device manufacturers to verify their device’s status and install necessary security updates as soon as possible.
