- Black Duck says a single crafted 5GHz Wi‑Fi frame can disable a router’s 5GHz network and kick connected clients offline, bypassing WPA2/WPA3.
- SC Media reports ASUS RT‑BE86U routers running firmware 3.0.0.6.102_37612 and older are affected, with a fix in 3.0.0.6.102_37841.
- NETGEAR’s January 2026 security advisory lists multiple CVEs for Orbi routers and WiFi range extenders and urges users to update firmware and enable automatic updates.
A newly disclosed Broadcom Wi‑Fi chipset software flaw can let a nearby attacker disrupt a router’s 5GHz network with a single specially crafted Wi‑Fi frame, instantly dropping active clients and preventing them from reconnecting. Broadcom told researchers it has shipped a patch to device manufacturers, and ASUS has released firmware updates for affected products. (SecurityWeek)
This matters because it’s a “within radio range” problem, not an internet-wide hack—meaning it’s the kind of thing that can hit apartments, offices, conference centers, and anywhere else people rely on always-on wireless.
It also undercuts a common assumption: even if you’re using modern Wi‑Fi security like WPA2 or WPA3, you can still get knocked offline if the weakness sits lower in the stack. It’s basically a denial-of-service (DoS) issue—DoS meaning an attacker stops a service from working—rather than a password-stealing attack.
In reporting that followed the disclosure, SC Media said the bug was found during fuzz testing (automated “throw weird inputs at it” testing) of the ASUS RT‑BE86U router, then traced back to Broadcom chip software. The outlet added that RT‑BE86U units on firmware 3.0.0.6.102_37612 and older are impacted, with the fix arriving in firmware 3.0.0.6.102_37841. (SC Media)
One uncomfortable twist is how messy “who’s affected” can get when a bug lives in shared components. The researchers said they started from an ASUS router, but the underlying issue is in Broadcom chipset software—so the real question becomes which other vendors are using the same affected code in their products.
Qualys VP of Engineering Saumitra Das called the attack “easy to execute” and “highly disruptive” in comments to SC Media, a reminder that mature networking tech can still cough up brand-new, very practical attack paths.
BeyondTrust Field CTO James Maude warned that repeatedly knocking the legitimate access point offline could “open the door to evil twin attacks,” where an attacker spins up a rogue hotspot mimicking the real network name. Even if HTTPS reduces classic interception, Maude pointed to captive portal phishing as a real worry when users scramble to get back online.
And the fallout doesn’t have to be exotic to be painful. Cequence Security CISO Randolph Barr described scenarios where connectivity drops mid-call, mid-meeting, or during customer escalations—disruptions that can push people into risky workarounds like jumping onto personal hotspots or unmanaged networks.
There are still big unknowns. A full list of impacted router models isn’t public, and SecurityWeek noted it’s unclear which other vendors use the affected Broadcom chipset—meaning the patch story depends on OEMs pushing firmware updates and people actually installing them.
NETGEAR, meanwhile, is dealing with its own router and extender issues: the company’s January 2026 security advisory lists multiple vulnerabilities across Orbi systems and WiFi range extenders, including an authentication bypass that could let a user on the local network access an Orbi web interface as admin (CVE-2026-0405) and a separate authentication bypass risk for certain extenders (CVE-2026-0407). The bulletin also describes a path traversal bug in some extenders (CVE-2026-0408) that could expose a dynamically generated file recording usernames and passwords submitted to the router GUI, and NETGEAR urges customers to enable automatic updates and move to the fixed firmware versions it lists for each model. (Netgear)
If you’re trying to stay ahead of this stuff, the boring advice is still the best advice: check your router’s firmware version, turn on automatic updates when available, and apply vendor firmware releases promptly. If you’re in an environment where a 5GHz outage would be catastrophic, it may also be worth having a fallback plan (wired or 2.4GHz) and keeping an eye out for suspicious “lookalike” Wi‑Fi networks showing up when the real one mysteriously drops.
