{"id":"CVE-2019-15126","details":"An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.","modified":"2026-05-04T08:23:44.396882Z","published":"2020-02-05T17:15:10.443Z","withdrawn":"2026-05-04T08:23:44.396882Z","related":["SUSE-SU-2021:4003-1","SUSE-SU-2021:4200-1","SUSE-SU-2021:4201-1","SUSE-SU-2022:0068-1","SUSE-SU-2022:0080-1","SUSE-SU-2022:0090-1","SUSE-SU-2022:0366-1","SUSE-SU-2022:0367-1","SUSE-SU-2022:0371-1","openSUSE-SU-2021:1648-1","openSUSE-SU-2022:0366-1"],"references":[{"type":"WEB","url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-003.txt"},{"type":"WEB","url":"http://www.huawei.com/en/psirt/security-notices/huawei-sn-20200228-01-kr00k-en"},{"type":"WEB","url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200226-wi-fi-info-disclosure"},{"type":"WEB","url":"http://packetstormsecurity.com/files/156809/Broadcom-Wi-Fi-KR00K-Proof-Of-Concept.html"},{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-712518.pdf"},{"type":"WEB","url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0001"},{"type":"WEB","url":"https://support.apple.com/kb/HT210788"},{"type":"ADVISORY","url":"https://www.synology.com/security/advisory/Synology_SA_20_03"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT210722"},{"type":"ADVISORY","url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-224-05"},{"type":"ADVISORY","url":"https://www.mist.com/documentation/mist-security-advisory-kr00k-attack-faq/"},{"type":"ADVISORY","url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200527-01-wifi-en"},{"type":"ADVISORY","url":"https://support.apple.com/kb/HT210721"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"13.2"}]},{"events":[{"introduced":"0"},{"fixed":"13.2"}]},{"events":[{"introduced":"0"},{"fixed":"10.15.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15126.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}