Chat with us
Establishing connection, please wait while we connect you.

NOW AVAILABLE: Product-Focused Search and Guided Navigation for improved access to product support. Read more.

Kr00k Vulnerability Information

The Kr00k vulnerability potentially affects all WiFi-capable devices that use WiFi chips made by Broadcom or Cypress. This includes several Zebra mobile computers and tablets. 

The vulnerability exploits a temporary disconnect of the WiFi signal (state transition/disassociation). A malicious actor could force devices into a prolonged disassociated state, receive WiFi packets meant for the attacked device, and then use the Kr00k bug to decrypt WiFi traffic.

Only the following products are affected. Other Zebra mobile devices, handheld devices, barcode scanners and printers are not impacted.

Impacted Zebra Products

ProductRelease Date
TC51/56 Oreo5-May
TC70x/75x Oreo
MC33 Oreo 11-May
VC80 Oreo11-May
WT6000 Lollipop
WT6000 Nougat
TC51/56 Nougat
TC70x/75x Nougat
MC33 Nougat11-June
VC80 Nougat11-June
ET50/55 Marshmallow

Disclaimer: Zebra makes every attempt to release security updates on or about the time that Google releases its respective security bulletin. However, delivery time of security updates may vary depending on the region, product model, and third party software suppliers. Under some circumstances, the OS must be updated to the latest maintenance release prior to installing the security updates. Individual product updates will provide specific guidance.

Unless otherwise noted, there have been no reports of active customer exploitation or abuse from these newly reported issues.

Are you aware of a potential security issue with a Zebra Technologies product?