Synology-SA-20:03 Kr00k

Publish Time: 2020-03-11 19:08:54 UTC+8

Last Updated: 2020-03-11 19:32:08 UTC+8

Severity
Low
Status
Ongoing

Abstract

A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Synology Router Manager (SRM) that is equipped with Broadcom BCM43460.

Affected Products

Product Severity Fixed Release Availability
SRM 1.2[1] Low Ongoing

[1] RT1900ac

Mitigation

None

Detail

  • CVE-2019-15126
    • Severity: Low
    • CVSS3 Base Score: 3.1
    • CVSS3 Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
    • An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

Reference

Revision

Revision Date Description
1 2020-03-11 Initial public release.