
Topic: Kr00k: Serious vulnerability affected encryption of billion+ Wi‑Fi devices

GreenBay42

  • Administrator

For the latest information regarding Kr00k's impact on D-Link products, please visit https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10162



D-Link Response:
ESET researchers recently reported that an industry-wide vulnerability named Kr00k could potentially affect devices with Broadcom Wi-Fi chips. D-Link is currently investigating the issue with Broadcom to understand the potential impact on D-Link devices. Meanwhile, we strongly advise D-Link device owners use encrypted connection methods such as HTTPS, SSH, or POP3S to minimize their risk of being hacked. We will provide updates as soon as we have more information.
 
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for updates regularly.



ESET Article: https://www.welivesecurity.com/2020/02/26/krook-serious-vulnerability-affected-encryption-billion-wifi-devices/

Tests confirmed that prior to patching, some client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to Kr00k. This totaled to over a billion Wi-Fi-capable devices and access points, at a conservative estimate. Further, many other vendors whose products we did not test also use the affected chipsets in their devices.

The vulnerability affects both WPA2-Personal and WPA2-Enterprise protocols, with AES-CCMP encryption.

NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-15126
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15126


 
« Last Edit: March 06, 2020, 08:20:12 AM by GreenBay42 »