### [CVE-2019-15126](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15126) ![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503. ### POC #### Reference - http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html - http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure #### Github - https://github.com/0x13enny/kr00k - https://github.com/0xT11/CVE-POC - https://github.com/5l1v3r1/kr00k-vulnerability - https://github.com/ARPSyndicate/cvemon - https://github.com/Astrogeorgeonethree/Starred - https://github.com/Astrogeorgeonethree/Starred2 - https://github.com/Atem1988/Starred - https://github.com/EaglerLight/wifi_poc - https://github.com/WinMin/Protocol-Vul - https://github.com/akabe1/kr00ker - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hexway/r00kie-kr00kie - https://github.com/lnick2023/nicenice - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/raw-packet/raw-packet - https://github.com/xbl3/awesome-cve-poc_qazbnm456