ESET security researchers have revealed Kr00k-like vulnerabilities that affect more chip brands. This vulnerability is triggerable by a disassociation which leads to undesirable disclosure of data by transmitting unencrypted data in the place of encrypted data frames. The main difference is that, instead of being encrypted with an all-zero session key, the data is not encrypted at all despite the encryption flags being set.
You can view the full report here: https://extremeportal.force.com/ExtrArticleDetail?an=000059996
Extreme PSIRT: email@example.com