CyRC Advisory: Vulnerability in Broadcom Chipset Causes Network Disruption and Client Disconnection on Wireless Routers

•January 13, 2026

Security Boulevard•Jan 13, 2026

Companies Mentioned

Broadcom

AVGO

ASUS

2357

Black Duck

Why It Matters

The flaw affects any device employing the same Broadcom chipset, exposing enterprise and consumer networks to easy denial‑of‑service attacks and data interruption. Prompt patch adoption is essential to maintain Wi‑Fi availability and protect downstream services.

Key Takeaways

•Single-frame over‑air attack disables 5 GHz Wi‑Fi
•Ethernet and 2.4 GHz remain functional
•CVSS 8.4 high severity, remote, no auth
•Broadcom issued patch; ASUS released firmware update
•Devices older than firmware 3.0.0.6.102 vulnerable

Pulse Analysis

The vulnerability surfaced during rigorous fuzz testing of 802.11 protocol implementations, where CyRC’s Defensics suite triggered an anomaly that halted the 5 GHz radio on ASUS routers. The root cause traces to Broadcom’s chipset firmware, which mishandles a crafted management frame, leading to a complete loss of Wi‑Fi service while leaving Ethernet and 2.4 GHz bands untouched. With a CVSS 4.0 rating of 8.4, the issue exemplifies a high‑impact, low‑complexity remote attack that can be launched without authentication, underscoring the importance of robust firmware validation in wireless hardware.

For network operators, the advisory raises immediate concerns about service continuity and data integrity. The attack can be executed from any device within radio range, making it a viable threat in dense office environments, public hotspots, and IoT deployments that rely on 5 GHz connectivity for high‑throughput tasks. A disrupted Wi‑Fi link not only isolates clients but also risks corrupting in‑flight data streams, potentially affecting critical applications such as video conferencing, cloud backups, and real‑time analytics. The broader supply‑chain implication is clear: chipset‑level flaws propagate across multiple OEMs, amplifying exposure across the market.

Broadcom’s rapid patch delivery and ASUS’s firmware rollout demonstrate an effective coordinated response, yet the advisory highlights the need for continuous firmware hygiene. Organizations should inventory devices that run Broadcom‑based Wi‑Fi modules, verify firmware versions against the 3.0.0.6.102_37841 baseline, and enforce automated update policies where possible. Additionally, implementing network segmentation, monitoring for abnormal Wi‑Fi resets, and maintaining up‑to‑date intrusion‑detection signatures can mitigate residual risk. As wireless standards evolve, proactive security testing and swift patch dissemination will remain pivotal in safeguarding the increasingly connected enterprise landscape.