Security Operations, Network Security, Vulnerability Management, Patch/Configuration Management, Endpoint/Device Security, SOC

Broadcom chip software flaw affecting ASUS routers enables DoS

A Broadcom chipset software flaw affecting certain ASUS routers could enable an unauthenticated attacker within range of a 5 GHz Wi-Fi network to cause an immediate disconnection requiring a manual router reset, Black Duck disclosed Tuesday.

The denial-of-service (DoS) vulnerability was discovered by Black Duck researchers while conducting fuzz testing against the ASUS RT-BE86U wireless router. The issue was traced back to the Broadcom chip software used by the router, with Broadcom releasing a fix and ASUS pushing a firmware update to resolve it.

“This attack is both easy to execute and highly disruptive, underscoring that even mature and widely deployed network technologies can still yield new and serious attack vectors,” Qualys Vice President of Engineering Saumitra Das said in an email to SC Media.

The attack only requires a single malformed frame sent over the air to cause an immediate loss of connection for all clients on the network, bypassing WPA2 and WPA3 protection, according to Black Duck.


Related reading:


While a full list of affected router models is not available, the issue is known to affect ASUS RT-BE86U routers running firmware version 3.0.0.6.102_37612 and older. The issue is fixed in firmware version 3.0.0.6.102_37841.

Cybersecurity experts who spoke with SC Media about the vulnerability presented potential scenarios where this DoS exploit could cause serious disruption and raise additional security concerns.

“This has the potential to open the door to evil twin attacks where the real access point is knocked offline and a rogue one with the same name and password replaces it,” noted BeyondTrust Field CTO James Maude.

Even after a manual router reset to restore connection, an attacker could continuously knock the network offline if the attack is not detected and disrupted.

“Attackers don’t have to completely take over a device to do damage if they can keep breaking the connection without authentication. They can stop sales conversations, mess up communications between executives, affect support operations, and make employees use risky workarounds like personal hotspots or unmanaged networks,” Randolph Barr, CISO at Cequence Security, said.

The vulnerability does not affect 2.4 GHz networks or Ethernet connections, according to Black Duck, meaning an affected organization could fall back on a 2.4 GHz connection as a mitigation, noted Maude.

Ben Ronallo, principal cybersecurity engineer at Black Duck, offered key takeaways from the discovery of this vulnerability that can aid organizations in defending their networks against disruptive DoS attacks.

“Segment your networks to prevent a direct path to your critical systems. Audit for end of life/support systems (e.g. access points) and replace them when possible. If that’s not possible, lock them down, have redundant logging in pace, and monitor network edges with intrusion detection/prevention.” Ronallo said in an email to SC Media.

Ronallo also suggests organizations set up honeypots to help gain an understanding of the threats targeting their networks.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds