
New research has identified a WiFi vulnerability that allows attackers within wireless range to repeatedly crash or reboot certain consumer routers by sending malformed wireless traffic.
While the flaw is easy to trigger, researchers stress that it is not a fundamental weakness in WiFi technology and has already been addressed through vendor patches.
The vulnerability, tracked as CVE-2025-14631, affects routers from ASUS and TP-Link and is linked to WiFi firmware associated with Broadcom chipsets.
Black Duck Cybersecurity Research Center (CyRC), which carried out the research, stressed that the flaw was a one-off bug and not a deeper design problem in WiFi systems.
“This appears to be an isolated bug, not a systemic design flaw,” Kari Hulkko, principal software engineer at Black Duck, told Cybernews.
“Broadcom has provided a fix, ASUS has integrated the patched code into their firmware, and we have verified that fix on the affected device,” Hulkko explained.
“Exploitation does not require authentication or advanced technical skill, but it does require physical proximity. The attacker must be within wireless radio range of the target when performing the attack.”
Kari Hulkko, principal software engineer, Black Duck
This includes dense environments such as apartment buildings, offices, or conferences, the most realistic settings for abuse.
The attack could also be carried out from a moving vehicle or even a drone, provided the WiFi signal can reach the router.
Due to its simplicity, the most likely real-world application is nuisance disruption rather than espionage.
“Since the attack is low-complexity, it could be used for pranks or nuisance disruptions,” Hulkko said, though he added that it could also be used to “temporarily deny network connectivity for a targeted purpose” or “help set up a fake 'evil twin'” access point.
What is fuzz testing, and how was this vulnerability found?
The vulnerability was discovered using a technique called fuzz testing, a method commonly used to find reliability and security flaws in complex software systems.
Fuzz testing involves automatically sending large amounts of unexpected, unreadable, or unusual data inputs to a device to see how it behaves. In this case, CyRC researchers used specialized WiFi protocol fuzzing tools to send malformed wireless frames to real routers and observe the results.
During testing, certain malformed frames caused affected routers to crash or reboot, demonstrating a repeatable denial-of-service condition. The researchers then tested multiple devices, confirmed similar behavior across models, and traced the issue back to shared WiFi firmware code.
After reporting the findings through a coordinated disclosure process, Broadcom supplied a fix, which ASUS integrated into firmware. CyRC then re-tested the patched devices to confirm the issue was resolved.
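The fuzz, fix and re-test cycle described above can be shown offline against a toy parser. This is an added example, not code from CyRC, Broadcom or ASUS, and it does not reproduce CVE-2025-14631, whose details the article does not give. The parsers, the mutation strategy and the sample frame body are all hypothetical, using the 802.11 element layout of a one-byte ID, a one-byte length and a value.

```python
import random

class FrameError(ValueError): pass  # the only error the hardened parser may raise

def naive_parse(body: bytes) -> list:  # trusts every element to have a full header
    out, pos = [], 0
    while pos < len(body):
        eid, length = body[pos], body[pos + 1]  # IndexError on a 1-byte tail
        out.append((eid, body[pos + 2:pos + 2 + length]))
        pos += 2 + length
    return out

def parse_elements(body: bytes) -> list:  # hardened: validate before reading
    out, pos = [], 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise FrameError("truncated element header")
        eid, length = body[pos], body[pos + 1]
        end = pos + 2 + length
        if end > len(body):
            raise FrameError(f"element {eid} overruns the frame")
        out.append((eid, body[pos + 2:end]))
        pos = end
    return out

def mutate(seed: bytes, rng: random.Random) -> bytes:  # seed must be non-empty
    data, op = bytearray(seed), rng.randrange(3)
    if op == 0:    # overwrite one byte (often a length field)
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == 1:  # truncate the frame body
        del data[rng.randrange(len(data)):]
    else:          # insert a short run of random bytes
        i = rng.randrange(len(data) + 1)
        data[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(data)

def fuzz(parser, seed: bytes, iterations: int = 5000, rng_seed: int = 1) -> list:
    rng, crashes = random.Random(rng_seed), []  # fixed seed: repeatable run
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            parser(case)
        except FrameError:
            pass  # clean rejection of malformed input is the goal
        except Exception as exc:  # anything else is an uncontrolled failure
            crashes.append((case, repr(exc)))
    return crashes

SEED = bytes([0, 4]) + b"home" + bytes([1, 2, 0x82, 0x84, 3, 1, 6])  # constructed
```

`fuzz(naive_parse, SEED)` returns the inputs that crashed the unchecked parser, and running the same campaign against `parse_elements` is the re-test step: an empty list means every malformed input was rejected cleanly.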
Consumers can’t fix this one
Unfortunately, there is nothing end users can do to mitigate this specific issue at the device level, Hulkko confirmed. While the bug is fixable, end users have no practical way to protect themselves from low-level router firmware flaws.
“There is nothing end users can do to mitigate this specific issue at the device level. The most practical actions are to install firmware updates as soon as they are released and, if a device is no longer supported, replace it.”
Kari Hulkko, principal software engineer, Black Duck