The Black Duck Cybersecurity Research Center (CyRC) discovered an issue while testing the interoperability of Defensics® Fuzzing, using the 802.11 protocol test suites, against ASUS routers.
During testing, the CyRC team found Defensics anomaly test cases that caused the network to stop working until the router was manually reset. This vulnerability allows an attacker to make the access point unresponsive to all clients and terminate any ongoing client connections. If data transmission to subsequent systems is ongoing, the data may become corrupted or, at minimum, the transmission will be interrupted.
Following discussions with the ASUS Product Security Incident Response Team (PSIRT), the issue was traced to Broadcom chipset software. Broadcom provided a patch to address the reported problem, and its PSIRT team was involved in the resolution process.
The vulnerability description is based on testing with the ASUS RT-BE86U wireless router. Other devices using the same wireless chipset and/or associated software may be similarly affected, but this report is based solely on the observed test results.
The vulnerability can be exploited by sending a single frame over the air to a router within range, regardless of the configured network security level. The immediate effect is that all clients on the 5 GHz network, including guest networks, lose their connection and cannot reconnect until the router is manually restarted. Ethernet connections and the 2.4 GHz network remain unaffected. After the restart, the attacker can immediately repeat the attack.
Specific details of the vulnerability have not been disclosed due to the potential risk it poses to numerous systems and users. Revealing such information could lead to widespread exploitation, causing significant harm to network infrastructure and compromising the security and functionality of affected devices. The CyRC priority with Defensics is to ensure the protection and stability of wireless networks while collaboratively working to responsibly disclose and resolve identified issues.
The Broadcom PSIRT confirmed that a patched version of the affected software has been released to its customers. Broadcom customers and partners should contact the company to get more details on affected products, versions, and fixes. A comprehensive list of impacted products is not publicly available.
Hardware: ASUS RT-BE86U
Firmware: 3.0.0.6.102_37812 and older versions are affected by the vulnerability
CVSS 4.0 score: 8.4 (High)
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:L/SA:H
Broadcom has provided a patched version of the affected software to its customers. Device manufacturers using the affected software should integrate the patch into their releases.
ASUS has released updated firmware for affected devices. Users should monitor ASUS support channels for the latest updates.
Hardware: ASUS RT-BE86U
Firmware: 3.0.0.6.102_37841 and newer versions include a fix for the vulnerability
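The affected and fixed firmware versions above can be checked against a device inventory. The following Python script is an added example, not code from Black Duck, ASUS or Broadcom; the inventory rows, the firmware string layout accepted by the regular expression and the tuple-based version ordering are assumptions.

```python
import re

# Version boundaries taken from the advisory text for the ASUS RT-BE86U.
MODEL = "RT-BE86U"
LAST_AFFECTED = (3, 0, 0, 6, 102, 37812)
FIRST_FIXED = (3, 0, 0, 6, 102, 37841)

# Assumed firmware string layout: dotted version, underscore, build number,
# optionally followed by a vendor suffix such as "-gabc123".
_FW_RE = re.compile(r"^\s*(\d+(?:\.\d+)+)_(\d+)(?:[-_].*)?\s*$")

def parse_firmware(text):
    """Return the firmware string as a tuple of ints, or None if malformed."""
    m = _FW_RE.match(text or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")) + (int(m.group(2)),)

def classify(model, firmware):
    """Classify one device against the advisory's affected and fixed versions."""
    if model.strip().upper() != MODEL:
        return "not-listed"      # the advisory gives versions for one model only
    version = parse_firmware(firmware)
    if version is None:
        return "unparsed"
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "undetermined"        # builds between the two published boundaries

def audit(inventory):
    """Map each (name, model, firmware) row to its classification."""
    return {name: classify(model, fw) for name, model, fw in inventory}

# Constructed sample inventory (not real devices).
SAMPLE = [
    ("ap-lobby", "RT-BE86U", "3.0.0.6.102_37812"),
    ("ap-lab", "RT-BE86U", "3.0.0.6.102_37841"),
    ("ap-old", "RT-BE86U", "3.0.0.6.102_36000"),
    ("ap-mid", "RT-BE86U", "3.0.0.6.102_37820"),
    ("ap-bad", "RT-BE86U", "unknown"),
    ("ap-other", "EXAMPLE-MODEL", "1.0.0_1"),
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name:10} {status}")
```

Builds that fall between the two published version numbers are reported as undetermined because the advisory does not state their status.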
Kari Hulkko from the CyRC discovered these vulnerabilities by using Defensics with the 802.11 AP test suite.
· December 23, 2024: Initial disclosure
· January 7, 2025: Detailed information with debug logs provided
· January 31, 2025: Fix received and verified with Defensics
· July 31, 2025: ASUS confirmed update availability for all affected devices
· January 13, 2026: Advisory published by Black Duck
FIRST.Org, Inc. (FIRST) is a nonprofit organization based in the U.S. that owns and manages CVSS. Membership in FIRST is not required to use or implement CVSS, but FIRST does require that any individual or organization give appropriate attribution when using CVSS. FIRST also states that any individual or organization that publishes scores should follow the guidelines so that anyone can understand how the score was calculated.