Does the latest firmware fix any of the below vulnerabilities? CVE-2017-13077, 13078, 13079, 13080, 13081, 13082, 13084, 13086, 13087, 13088 If not, when will firmware be released to fix these?

Let me share this forum link: https://community.netgear.com/t5/Business-Wireless/NETGEAR-Access-Points-and-KRACK-WPA2-Vulnerabilities/m-p/1403956#M4230

KRACK Vulnerabilities | NETGEAR Communities

30 Replies

Auri
Star
Oct 16, 2017
Agreed - is a patch in the works? Hoping you won't ignore us.

FYI: I heard Microtik has a fix in their latest firmware.

For those of you who are unaware, below is a link to the vulnerability details. Basically, if you're using WPA2 encryption, which almost everyone is, you're vulnerable. Yowsa.

https://betanews.com/2017/10/16/krack-wpa2-security-vulnerability/
- AngryDog
  Guide
  Oct 16, 2017
  Ubiquiti are also releasing a patch. I belive that they have one available on beta test. I've been trying to get my manager to move to Ubiquiti for a while, this could push us..
  - Auri
    Star
    Oct 16, 2017
    I also added a note to their IdeaBoard:
    https://community.netgear.com/t5/Idea-Exchange-For-Business/Patch-for-Krack-Vulnerability/idi-p/1395921#M244
    Give it a thumb up and get their attention?
cheh6ThUp5et
Aspirant
Oct 17, 2017
I have the Netgear Nighthawk R6900.

I just ran the routerlogin.net based update check and it gave me V1.0.1.28_1.0.21 firmware. Then it said this is the latest firmware available. Does this firmware have the fix for KRACK?

Thank you very much.
- mdgm-ntgr
  NETGEAR Employee Retired
  Oct 17, 2017
  NETGEAR is aware of the recently publicized security exploit KRACK, which takes advantage of security vulnerabilities in WPA2 (WiFi Protected Access II). NETGEAR has published fixes for multiple products and is working on fixes for others. Please follow the security advisory for updates.
  
  NETGEAR appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at NETGEAR.
  
  To protect users, NETGEAR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, NETGEAR will announce the vulnerabilities from NETGEAR Product Security web page.
  - Auri
    Star
    Oct 17, 2017
    Heads up that Windows, macOS, iOS, watchOS, and tvOS have already been patched as of last Tuesday.
    
    Netgear - why, after about 2 months, is this not patched across current routers? Is it just a developer capacity issue? I could understand that... just not clear on the blanket "we're aware of it" statement. Anything we can do to help?

Forum Discussion

KRACK Vulnerabilities

30 Replies

Related Content

WPA2 - KRACK / Vulnerability

KRACK Vulnerabilities for PLW1000v1

Patch for Krack Vulnerability

AX4200 RBR750 Vulnerability scan schedule

KRACK WNR612v2

NETGEAR Academy

ProSupport for Business