Test ID:	1.3.6.1.4.1.25623.1.0.104507
Category:	Huawei
Title:	Huawei Data Communication: Information Disclosure Vulnerability (huawei-sa-20200527-01-wifi-en, Kr00k)
Summary:	Huawei Data Communication devices are prone to an information; disclosure vulnerability dubbed 'Kr00k'.
Description:	Summary: Huawei Data Communication devices are prone to an information disclosure vulnerability dubbed 'Kr00k'. Vulnerability Insight: An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device. Vulnerability Impact: The flaw lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic. Affected Software/OS: AP7030DE versions V200R005C20, V200R006C00, V200R006C10, V200R006C20, V200R007C10, V200R007C20, V200R008C00, V200R008C10, V200R010C00, V200R019C00 AP9330DN versions V200R005C20, V200R006C00, V200R006C10, V200R006C20, V200R007C10, V200R007C20, V200R008C00, V200R008C10, V200R010C00, V200R019C00 Solution: See the referenced vendor advisory for a solution. CVSS Score: 2.9 CVSS Vector: AV:A/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-15126 Cisco Security Advisory: 20200227 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05
Copyright	Copyright (C) 2023 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.