The vulnerability isn't present in every router, but 0xcite believes that it's in relatively common chipsets from both Broadcom and another, unnamed company that's scrambling to implement a fix. The Wi-Fi Alliance, for its part, tells Ars Technica that the flaw likely stems from how companies implement wireless networking, rather than anything inherent to how the technology works. Whatever the root cause may be, the easiest way to protect against this exploit right now is to turn WPS off -- not a big problem if you're comfortable with a router setup page, but probably more of a hassle than you'd like.