NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Tr4nc3's avatar
Tr4nc3
Initiate
Oct 16, 2017
Solved

WPA2 - KRACK / Vulnerability

Hi Netgear, I think this is really important and should be monitored closely and all the wifi users should ask the vendors to monitor an patch this. Looks like that WPA2 is about to be cracked and ...
Before You Buy
Features
Installation
Troubleshooting
  • mdgm-ntgr's avatar
    mdgm-ntgr
    Oct 16, 2017

    NETGEAR is aware of the recently publicized security exploit KRACK, which takes advantage of security vulnerabilities in WPA2 (WiFi Protected Access II).  NETGEAR has published fixes for multiple products and is working on fixes for others. Please follow the security advisory for updates.

     

    NETGEAR appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at NETGEAR.

     

    To protect users, NETGEAR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, NETGEAR will announce the vulnerabilities from NETGEAR Product Security web page.

mdgm-ntgr's avatar
mdgm-ntgr
NETGEAR Employee Retired
Oct 16, 2017

NETGEAR is aware of the recently publicized security exploit KRACK, which takes advantage of security vulnerabilities in WPA2 (WiFi Protected Access II).  NETGEAR has published fixes for multiple products and is working on fixes for others. Please follow the security advisory for updates.

 

NETGEAR appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at NETGEAR.

 

To protect users, NETGEAR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, NETGEAR will announce the vulnerabilities from NETGEAR Product Security web page.

rhester72's avatar
rhester72
Virtuoso
Oct 17, 2017

I have to say...given the known facts about the disclosure of the vulnerability to vendors, I'm not sure 'proactive' is the word I'd use, and the whole reason this thread exists is because CERT waited as long as they could before a coordinated announcement...thus the exact details of the vulnerabilities are very much released as a call to action to those who failed to respond in a timely fashion.

 

I appreciate that Netgear has a very large number of affected products in the wild, but given that is literally your line of business and that severe security vulnerabilities are discovered against the most common components of consumer network gear every few months, it's really just part of the business model.

 

To be honest, I'd have preferred a response along the lines of "our bad, we've too many products to patch in only two months, we've hired staff and are literally working three shifts a day to resolve this, please stay tuned for weekly status updates" versus "we're a very proactive company who doesn't release information for your protection".  It rings very, very hollow.