NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
ALL FIRMWARE should be updated. More info: https://betanews.com/2017/10/16/krack-wpa2-security-vulnerability/
36 Comments
- Does R7000 Firmware Version 1.0.9.12 address the KRACK vulnerability? What about Universal PnP vulnerabilities? Thanks.
My D7000 is offering me a firmware update to V1.0.1.50 should I and is that the Krack fix? It's decribed as [Enhancement] Security enhancement.
- From what I've read on multiple sites an agreement was made with all vendors and CERT not to publicly announce this WPA 2 Security Vulnerability until Monday at 08:00 EST. After reading the news Monday morning where I got my first report of the vulnerability I checked the NETGEAR website for a notice. Nothing was posted... I read your notice this morning. Thanks, great job but it should have been posted yesterday morning. After the Equifax Breach mine and others sensitivity to vendors policies such as ' NETGEAR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released.' might not meet our financial needs or best interests. I can always shut your equipment off until you can define the vulnerability and create a fix.
"pro-active" or "re-active" as you prefer...
Netgear has to patch and fix for all products as soon as possible.
A foundamenta belief in my home is use WiFi, when can I use my DGND3700v2 with KRACK fixing patch???
L
NETGEAR is aware of the recently publicized security exploit KRACK, which takes advantage of security vulnerabilities in WPA2 (WiFi Protected Access II). NETGEAR has published fixes for multiple products and is working on fixes for others. Please follow the security advisory for updates.
NETGEAR appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at NETGEAR.
To protect users, NETGEAR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, NETGEAR will announce the vulnerabilities from NETGEAR Product Security web page.
Need a patch for R6220 and wnr2000v3
This vunerability was first disclosed to manufacturers by the researcher in mid July,
CERT sent notifications on Aug 28th, and ICASI sent notifications to members on Sep 12th.
I'm hoping that Netgear decides to provide patches for more than just the following gear:
Netgear: WAC120, WAC505/WAC510, WAC720/730, WN604, WNAP210v2, WNAP320, WNDAP350, WNDAP620, WNDAP660, WND930
I think it was known about in late August...
- Microsoft says the Windows updates released on October 10th protect customers, and the company “withheld disclosure until other vendors could develop and release updates.” Maybe NETGEAR withheld it's notification?
- Vendor Information for VU#228519 Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse Netgear notified August 28
