
Security Bulletin: Wi-Fi Security Vulnerability CVE-2019-15126

SaraLeslie
Community Manager

Cypress has reviewed recent reports on the Wi-Fi security vulnerability outlined in CVE-2019-15126. Our customers can receive updates by creating a support case through our secure support portal or by contacting their Cypress representative.

If you believe you have identified a vulnerability in any Cypress product, please visit our security response page and email the Product Security Incident Response Team (PSIRT) at psirt@cypress.com.

9 Comments
Félix_T
Level 5

Will Cypress release a patched firmware for the affected chips? Our company uses some older WICED ICs which still run WICED 3.7 and earlier.

BCM43362 and BCM43341 on WICED 3.7 and CY43012 on WICED 6.4.

SaraLeslie
Community Manager

Hello Felix, thanks for your question and I have escalated this to the right team internally.

Thanks, Sara

Anonymous

Is 4343W / Linux impacted by CVE-2019-15126?

Thanks,

Raul.

MichaelF_56
Moderator

Please contact your local Cypress Sales/FAE team and they will be able to provide an update based on the platform in use (WICED, Linux, ModusToolbox).

MichaelF_56
Moderator

Note that CVE-2019-15126 = "kr00k"

LaCo_2503811
Level 1

Hi MichaelF_56, I'm not seeing CVE-2019-15126 addressed as part of the WICED 6.6 release notes. Is this issue still to be addressed as part of a future WLAN firmware update?

MichaelF_56
Moderator

They are part of WICED 6.6 and have been applied to 4343W, 43907, 54907, 43362, 43340. The 'All Zero Encryption Key' fix mentioned in the release notes equates to CVE-2019-15126. Additionally, check out WiFiSecurityExploits.txt in the WICED-SDK Wi-Fi top level folder for the details.

angelinasosa
Level 0

Hello,

Is there a list of vulnerable chips that you can share?

Thank you.

mogl_4739531
Level 1

Hello,

Is the fix for this CVE part of version v5.10.9-2022_0511?

Regards
