NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Tr4nc3's avatar
Tr4nc3
Initiate
Oct 16, 2017
Solved

WPA2 - KRACK / Vulnerability

Hi Netgear, I think this is really important and should be monitored closely and all the wifi users should ask the vendors to monitor an patch this. Looks like that WPA2 is about to be cracked and ...
Before You Buy
Features
Installation
Troubleshooting
  • mdgm-ntgr's avatar
    mdgm-ntgr
    Oct 17, 2017

    NETGEAR is aware of the recently publicized security exploit KRACK, which takes advantage of security vulnerabilities in WPA2 (WiFi Protected Access II).  NETGEAR has published fixes for multiple products and is working on fixes for others. Please follow the security advisory for updates.

     

    NETGEAR appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at NETGEAR.

     

    To protect users, NETGEAR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, NETGEAR will announce the vulnerabilities from NETGEAR Product Security web page.

jai_net1's avatar
jai_net1
Initiate
Oct 16, 2017

Waiting for a patch from Netgear on KRACK vulnerability in its WPA2 algorithm.

Tr4nc3 wrote:

Hi Netgear,

I think this is really important and should be monitored closely and all the wifi users should ask the vendors to monitor an patch this.

Looks like that WPA2 is about to be cracked and the details / exploit will be released soon.

the US CERT released this note:

"

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017."

 

Looks like that Aruba , Ubiquiti, Microtik, and other vendors are adressing the issue on software updates.

Can you please let me and all the users know if NETGEAR is currently looking on this ? 

Are you going to update your software to fix all the reported CVEs ?

 

List of CVEs:

CWE-323
CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13083
CVE-2017-13084
CVE-2017-13085
CVE-2017-13086
CVE-2017-13087

 

More details:

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

 

  • Retired_Member's avatar
    Retired_Member
    Oct 16, 2017

    CVE-2017-13088 is also implicated