Synology-SA-20:03 Kr00k
Publish Time: 2020-03-11 19:08:54 UTC+8
Last Updated: 2021-05-24 10:38:51 UTC+8
- Severity: Low
- Status: Will not fix
Abstract
A vulnerability allows remote attackers to obtain sensitive information via a susceptible version of Synology Router Manager (SRM) that is equipped with Broadcom BCM43460.
Affected Products
Product | Severity | Fixed Release Availability |
---|---|---|
SRM 1.2[1] | Low | Will not fix |
[1] RT1900ac
Mitigation
None
Detail
- CVE-2019-15126
- Severity: Low
- CVSS3 Base Score: 3.1
- CVSS3 Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
- An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
Reference
Revision
Revision | Date | Description |
---|---|---|
1 | 2020-03-11 | Initial public release. |
2 | 2021-05-24 | Updated Affected Products for SRM 1.2 which will not be fixed. |