Has anyone tested it yet with CZ.NIC hardware?
Thank you for bringing attention to such an issue.
We are investigating this with the highest priority. While looking into more details, I see that the Turris Omnia router should be affected. Unfortunately as far as I know nobody reached us from ESET before publishing the article.
Also if anyone finds anything security-related, we have a dedicated email address for such issues.
When there is anything more, we will let you know.
Eset’s yesterday blog post says that Omnia is vulnerable:
The devices we tested and found to have been vulnerable are the D-Link DCH-G020 Smart Home Hub and the Turris Omnia wireless router.
(For clarification; it wasn’t clear to me from the above posts.)
If Eset know it, he should have told you in advance! This is unforgivable, especially when it comes to brothers from Slovakia.
ESET is reporting that as know vulnerability for Qualcomm chipset: CVE-2020-3702
It was initially reported on 03/03/2020.
Few days ago extend vulnerability to further vendors and released proof-of-concept of exploit.
We sent several emails to ESET, but so far, we don’t have any luck. @Leonardo posted here Qualcomm bulletin, where you can see affected chipsets for CVE-2020-3702, but by default, we are not using any listed chipsets there. Turris Omnia comes preinstalled with two Wi-Fi cards:
- Compex WLE900VX (chipset Qualcomm QCA9880)
- Compex WLE200N2 (chipset Atheros AR9287)
We are seeking more details about cryptographic issues together with our Wi-Fi card supplier - Compex and we got in touch with Qualcomm to get more details.
Stay tuned for updates!
Any news with this possible issue?