CVE-2019-15126
published 2020-02-05CVE-2019-15126: An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions)…
PriorityP429low3.1CVSS 3.1
AVAACHPRNUINSUCLINAN
EXPLOIT
EPSS
7.71%
93.9th percentile
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_13.2_and_ipados | — | — |
| apple | ipados | < 13.2 | 13.2 |
| apple | iphone_os | < 13.2 | 13.2 |
| apple | mac_os_x | < 10.15.1 | 10.15.1 |
| apple | macos_catalina_10.15.1_security_update_2019-001_and_security_update_2019-006 | — | — |
| apple | macos_catalina_10.15.2_security_update_2019-002_mojave_security_update_2019-007 | — | — |
| msrc | hololens_1 | — | — |
CVSS provenance
nvdv3.13.1LOWCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.02.9LOWAV:A/AC:M/Au:N/C:P/I:N/A:N
vendor_cisco4.3MEDIUM
vendor_msrc3.1LOW
vendor_redhat3.1LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p2g8-8j8x-3728: An issue was discovered on Broadcom Wi-Fi client devices
ghsa_unreviewed·2022-05-24·CVSS 7.9
CVE-2019-15126 [HIGH] GHSA-p2g8-8j8x-3728: An issue was discovered on Broadcom Wi-Fi client devices
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
Microsoft
MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device
vendor_msrc·2023-02-14·CVSS 3.1
CVE-2019-15126 [LOW] MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device
MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device
Description: An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic.
Broadcom no longer supports their hardware on any Windows platforms. As such there is no security update available to address this vulnerability. We recommend that customers using HoloLens 1 devices with this WiFi client device do the following to protect themselves from this vulnerability:
Update Wi-Fi routers to mitigate
CISA ICS
Siemens SIMATIC, SIMOTICS (Update A)
cisa_ics·2020-08-11·CVSS 3.1
[LOW] Siemens SIMATIC, SIMOTICS (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SIMATIC, SIMOTICS (Update A)
Last RevisedDecember 08, 2020
Alert CodeICSA-20-224-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 3.1
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Siemens
- Equipment: SIMATIC, SIMOTICS
- Vulnerability: TOCTOU Race Condition
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the original advisory titled ICSA-20-224-05 Siemens SIMATIC, SIMOTICS that was published August 11, 2020, on the ICS webpage on us-cert.gov.
## 3. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker
Cisco
Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability
vendor_cisco·2020-02-27·CVSS 4.3
CVE-2019-15126 [MEDIUM] CWE-326 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability
Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability
On February 26th, 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets. This vulnerability could allow an unauthenticated, adjacent attacker to decrypt Wi-Fi frames without the knowledge of the Wireless Protected Access (WPA) or Wireless Protected Access 2 (WPA2) Pairwise Temporal Key (PTK) used to secure the Wi-Fi network.
The vulnerability exists because after an affected device handles a disassociation event it could send a limited number of Wi-Fi frames encrypted with a static, weak PTK. An attacker could exploit this vulnerability by acquiring these frames and decryptin
Red Hat
linux-firmware: Transmission of data encrypted with an all-zero session key after disassociation
vendor_redhat·2020-02-05·CVSS 3.1
CVE-2019-15126 [LOW] CWE-358 linux-firmware: Transmission of data encrypted with an all-zero session key after disassociation
linux-firmware: Transmission of data encrypted with an all-zero session key after disassociation
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
Statement: This issue is present in the Broadcom Wi-Fi client devices firmware and is not fixable in software. While Red Hat ships certain hardware firmware binary blobs via linux-firmware package we rely on the hardware vendors to populate (and document) these firmware binary blobs
Apple
CVE-2019-15126: macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
vendor_apple·2019-12-10·CVSS 3.1
CVE-2019-15126 [LOW] CVE-2019-15126: macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
Apple Security Update: About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
Product: macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
CVE: CVE-2019-15126
Component: Wi-Fi
Impact: An attacker in Wi-Fi range may be able to view a small amount of network traffic
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
Apple
CVE-2019-15126: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006
vendor_apple·2019-10-29·CVSS 3.1
CVE-2019-15126 [LOW] CVE-2019-15126: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006
Apple Security Update: About the security content of macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006
Product: macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006
CVE: CVE-2019-15126
Component: Wi-Fi
Impact: An attacker in Wi-Fi range may be able to view a small amount of network traffic
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
Apple
CVE-2019-15126: iOS 13.2 and iPadOS 13.2
vendor_apple·2019-10-28·CVSS 3.1
CVE-2019-15126 [LOW] CVE-2019-15126: iOS 13.2 and iPadOS 13.2
Apple Security Update: About the security content of iOS 13.2 and iPadOS 13.2
Product: iOS 13.2 and iPadOS
Version: 13.2
CVE: CVE-2019-15126
Component: Wi-Fi
Impact: An attacker in Wi-Fi range may be able to view a small amount of network traffic
Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.
Cisco
Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability
vendor_cisco·CVSS 3.0
CVE-2019-15126 Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability
CVE-2019-15126: Wi-Fi Protected Network and Wi-Fi Protected Network 2 Information Disclosure Vulnerability
On February 26th, 2020, researchers Štefan Svorencík and Robert Lipovsky disclosed a vulnerability in the implementation of the wireless egress packet processing of certain Broadcom Wi-Fi chipsets. This vulnerability could allow an unauthenticated, adjacent attacker to decrypt Wi-Fi frames without the knowledge of the Wireless Protected Access (WPA) or Wireless Protected Access 2 (WPA2) Pairwise Temporal Key (PTK) used to secure the Wi-Fi network. The vulnerability exists because after an affected device handles a disassociation event it could send a limited number of Wi-Fi frames encrypted with a static, weak PTK. An attacker could exploit this vulnerability by acquiring these frames
No detection rules found.
arXiv
In Numeris Veritas: An Empirical Measurement of Wi-Fi Integration in Industry
arxiv_fulltext·2025-09-21
In Numeris Veritas: An Empirical Measurement of Wi-Fi Integration in Industry
In Numeris Veritas: An Empirical Measurement of Wi-Fi Integration in Industry
Vyron Kampourakis10000-0003-4492-5104
Christos Smiliotopoulos20000-0001-7530-7152
Vasileios Gkioulos10000-0001-7304-3835
Sokratis Katsikas10000-0003-2966-9683
V. Kampourakis et al.
Norwegian University of Science and Technology, 2802 Gjøvik, Norway \vyron.kampourakis, vasileios.gkioulos, sokratis.katsikas\@ntnu.no University of the Aegean, 83200 Karlovasi, Greece [email protected]
## Abstract
Traditional air gaps in industrial systems are disappearing as IT technologies permeate the OT domain, accelerating the integration of wireless solutions like Wi-Fi. Next-generation Wi-Fi standards (IEEE 802.11ax/be) meet performance demands for industrial use cases, yet their introduction raises significant sec
arXiv
A Review on C3I Systems' Security: Vulnerabilities, Attacks, and Countermeasures
arxiv_fulltext·2022-01-31
A Review on C3I Systems' Security: Vulnerabilities, Attacks, and Countermeasures
A Review on C3I Systems' Security: Vulnerabilities, Attacks, and Countermeasures
Hussain Ahmad
[email protected]
CREST - The Centre for Research on Engineering Software Technologies, The University of Adelaide, CSCRC - Cyber Security Cooperative Research Centre
Australia
Isuru Dharmadasa
[email protected]
Faheem Ullah
[email protected]
CREST - The Centre for Research on Engineering Software Technologies, The University of Adelaide
Australia
M. Ali Babar
[email protected]
CREST - The Centre for Research on Engineering Software Technologies, The University of Adelaide, CSCRC - Cyber Security Cooperative Research Centre
Australia
Authors' addresses: Hussain Ahmad, [email protected]; Isuru Dharmadasa, isuru.mahaganiarach
Eset
Supply chain dependencies: Have you checked your blind spot?
blogs_eset·2026-04-16
CVE-2019-15126 Supply chain dependencies: Have you checked your blind spot?
Some cyber business risks only show up when you take a closer look. Supply chain blind spots are a perfect example. Behind these essential third-party connections, products and services can lurk unseen vulnerabilities that precipitate major cyber incidents – halting operations, triggering downstream chaos, and making headlines with their financial, reputational, and legal/compliance impacts.
As supply chains become increasingly digitized and complex, they provide cybercriminals a bigger “risk surface” to aim for. Organizations need to understand their supply chain dependencies in depth so they can map the risks and deploy effective resilience strategies to protect sensitive data and sustain business continuity. Yet according to the latest research from ESET and other sources, SMBs largely
Schneier
Wi-Fi Chip Vulnerability - Schneier on Security
blogs_schneier·2020-03-01·CVSS 3.1
[LOW] Wi-Fi Chip Vulnerability - Schneier on Security
## Wi-Fi Chip Vulnerability
There’s a vulnerability in Wi-Fi hardware that breaks the encryption :
The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and Wi-Fi routers from Asus and Huawei, as well as the Raspberry Pi 3. Eset, the security company that discovered the vulnerability, said the flaw primarily affects Cypress’ and Broadcom’s FullMAC WLAN chips, which are used in billions of devices. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126.
Manufacturers have made patches available for most or all of the affected devices, but it’s not clear how many devices have installed the patches.
Trendmicro
Trend Micro Detects 10% Rise in Ransomware in 2019
blogs_trendmicro·2020-02-28
Trend Micro Detects 10% Rise in Ransomware in 2019
Ransomware
# Trend Micro Detects 10% Rise in Ransomware in 2019
Read how Trend Micro detected a 10% rise in ransomware attacks in 2019. Also, learn about a new Wi-Fi encryption vulnerability affecting over a billion devices.
By: Trend Micro
2020/02/28
Read time: ( words)
Save to Folio
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how Trend Micro detected a 10 percent rise in ransomware attacks in 2019. Also, learn about a new Wi-Fi encryption vulnerability affecting over a billion devices.
Read on:
#### Trend Micro Detects a 10 Percent Rise in Ransomware
In its 2019 Annual Security Roundup, Trend Micro detected a decrease in the number of new ransomware familie
Trendmicro
Trend Micro Detects 10% Rise in Ransomware in 2019
blogs_trendmicro·2020-02-28
Trend Micro Detects 10% Rise in Ransomware in 2019
Ransomware
## Trend Micro Detects 10% Rise in Ransomware in 2019
Read how Trend Micro detected a 10% rise in ransomware attacks in 2019. Also, learn about a new Wi-Fi encryption vulnerability affecting over a billion devices.
By: Trend Micro Feb 28, 2020 Read time: ( words)
Save to Folio
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how Trend Micro detected a 10 percent rise in ransomware attacks in 2019. Also, learn about a new Wi-Fi encryption vulnerability affecting over a billion devices.
Read on:
## Trend Micro Detects a 10 Percent Rise in Ransomware
In its 2019 Annual Security Roundup, Trend Micro detected a decrease in the number of new ransomware familie
Trendmicro
Trend Micro Detects 10% Rise in Ransomware in 2019
blogs_trendmicro·2020-02-28
Trend Micro Detects 10% Rise in Ransomware in 2019
Ransomware
## Trend Micro Detects 10% Rise in Ransomware in 2019
Read how Trend Micro detected a 10% rise in ransomware attacks in 2019. Also, learn about a new Wi-Fi encryption vulnerability affecting over a billion devices.
By: Trend Micro 2020/02/28 Read time: ( words)
Save to Folio
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how Trend Micro detected a 10 percent rise in ransomware attacks in 2019. Also, learn about a new Wi-Fi encryption vulnerability affecting over a billion devices.
Read on:
## Trend Micro Detects a 10 Percent Rise in Ransomware
In its 2019 Annual Security Roundup, Trend Micro detected a decrease in the number of new ransomware families
Bugzilla
CVE-2019-15126 linux-firmware: Transmission of data encrypted with an all-zero session key after disassociation
bugzilla·2020-02-27·CVSS 3.1
CVE-2019-15126 [LOW] CVE-2019-15126 linux-firmware: Transmission of data encrypted with an all-zero session key after disassociation
CVE-2019-15126 linux-firmware: Transmission of data encrypted with an all-zero session key after disassociation
An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
References:
https://www.zdnet.com/article/new-kr00k-vulnerability-lets-attackers-decrypt-wifi-packets/
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
https://www.eset.com/int/kr00k/
Discussion:
Statement:
This issue is present in the Broad
http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.htmlhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txthttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-enhttp://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-enhttps://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdfhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001https://support.apple.com/kb/HT210721https://support.apple.com/kb/HT210722https://support.apple.com/kb/HT210788https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosurehttps://us-cert.cisa.gov/ics/advisories/icsa-20-224-05https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/https://www.synology.com/security/advisory/Synology_SA_20_03http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.htmlhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txthttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-enhttp://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-enhttps://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdfhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001https://support.apple.com/kb/HT210721https://support.apple.com/kb/HT210722https://support.apple.com/kb/HT210788https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosurehttps://us-cert.cisa.gov/ics/advisories/icsa-20-224-05https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/https://www.synology.com/security/advisory/Synology_SA_20_03
2020-02-05
Published