Kr00k vulnerability again

Has anyone tested it yet with CZ.NIC hardware?

2 Likes

Hi @viktor,

Thank you for bringing attention to such an issue.

We are investigating this with the highest priority. While looking into more details, I see that the Turris Omnia router should be affected. Unfortunately as far as I know nobody reached us from ESET before publishing the article. :frowning:

Also if anyone finds anything security-related, we have a dedicated email address for such issues.

When there is anything more, we will let you know.

2 Likes

Eset’s yesterday blog post says that Omnia is vulnerable:

The devices we tested and found to have been vulnerable are the D-Link DCH-G020 Smart Home Hub and the Turris Omnia wireless router.

(For clarification; it wasn’t clear to me from the above posts.)

If Eset know it, he should have told you in advance! This is unforgivable, especially when it comes to brothers from Slovakia.

1 Like

ESET is reporting that as know vulnerability for Qualcomm chipset: CVE-2020-3702


It was initially reported on 03/03/2020.

Few days ago extend vulnerability to further vendors and released proof-of-concept of exploit.

Hello guys,

We sent several emails to ESET, but so far, we don’t have any luck. @Leonardo posted here Qualcomm bulletin, where you can see affected chipsets for CVE-2020-3702, but by default, we are not using any listed chipsets there. Turris Omnia comes preinstalled with two Wi-Fi cards:

  • Compex WLE900VX (chipset Qualcomm QCA9880)
  • Compex WLE200N2 (chipset Atheros AR9287)

We are seeking more details about cryptographic issues together with our Wi-Fi card supplier - Compex and we got in touch with Qualcomm to get more details.

Stay tuned for updates!

5 Likes

Any news with this possible issue?

1 Like