Re: KRACK Vulnerabilities
Does the latest firmware fix any of the below vulnerabilities?
CVE-2017-13077, 13078, 13079, 13080, 13081, 13082, 13084, 13086, 13087, 13088
If not, when will firmware be released to fix these?
Re: KRACK Vulnerabilities
Agreed - is a patch in the works? Hoping you won't ignore us.
FYI: I heard MikroTik has a fix in their latest firmware.
For those of you who are unaware, below is a link to the vulnerability details. Basically, if you're using WPA2 encryption, which almost everyone is, you're vulnerable. Yowsa.
https://betanews.com/2017/10/16/krack-wpa2-security-vulnerability/
Re: KRACK Vulnerabilities
Ubiquiti are also releasing a patch. I believe that they have one available on beta test. I've been trying to get my manager to move to Ubiquiti for a while, this could push us.
Re: KRACK Vulnerabilities
I also added a note to their IdeaBoard:
Give it a thumb up and get their attention?
Re: KRACK Vulnerabilities
Done! This is serious and needs addressing ASAP.
My only query is: does a patched AP with an unpatched device (like a mobile phone / laptop) mean that it is secure?
Re: KRACK Vulnerabilities
From what I understand, as long as ONE device is patched, you're OK. It appears that the hack works by forging a copy of the Wi-Fi network, then getting the device onto the forged network. If the device doesn't require a certificate re-send on the hop to the new network, then it's vulnerable. I tweeted a link:
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_Rev-1.pdf
Ideally, you want the client OS patched, and all routers as quickly as possible.
Re: KRACK Vulnerabilities
Reading more into this, and thanks to your link, traffic sent via HTTPS doesn't seem to be affected?
Also, would using a VPN negate this as well?
Re: KRACK Vulnerabilities
It seems any tools for sniffing and decrypting network traffic would work once an attacker has you on "their" network. So, I'm thinking VPN and HTTPS should be pretty safe, since they're encrypted from the client to the destination. However, that doesn't preclude an attacker from recording the packets and eventually decrypting them. You're on "their" network, after all. At least, that's the way I see it.
Re: KRACK Vulnerabilities
Yes that would make sense. The idea is though to make sure you're not on "their" network, and the only way of doing that currently is to effectively get patched, once patches are available.
The issue is, when are those patches going to be available? It has become an arms race.
Re: KRACK Vulnerabilities
WAC720/WAC730 -> firmware version 3.7.12.0 has the fix.
- Fixed security vulnerabilities in WPA2 handshake mechanism.
Please refer to the link below for more details.
https://kb.netgear.com/000049001/WAC720-WAC730-Firmware-Version-3-7-12-0
Thanks
Raghu
Re: KRACK Vulnerabilities
Thanks. I did see that but wasn't sure as it isn't very specific, and I like specifics!
Re: KRACK Vulnerabilities
Well that was fun. The firmware update broke the Access Point, thanks for that.
Re: KRACK Vulnerabilities
Which firmware update? Haven't seen a new one come through yet.
Re: KRACK Vulnerabilities
It helps to scroll up. I'll try it today! Thanks!
Re: KRACK Vulnerabilities
Ahh, I see. I have an R8000 X6 Nighthawk consumer router. Will there be a firmware update coming for that product?
Re: KRACK Vulnerabilities
I wouldn't use it. It's broken the Access Point here. I am not amused.
Re: KRACK Vulnerabilities
However, any connection you make from a device to a server, such as your bank, should be protected if you are using adequate encryption for that session. This is analogous to tapping your phone line, but if you are using strong encrypted communications all the eavesdropper hears is noise.
Re: KRACK Vulnerabilities
When will a firmware patch to address the Krack WPA/WPA2 vulnerability be released for the Orbi RBK53 (RBR50)?
Thanks.
Re: KRACK Vulnerabilities
Second vote for patch for X6 AC32000 Nighthawk (R8000)
Re: KRACK Vulnerabilities
I have the Netgear Nighthawk R6900.
I just ran the routerlogin.net based update check and it gave me V1.0.1.28_1.0.21 firmware. Then it said this is the latest firmware available. Does this firmware have the fix for KRACK?
Thank you very much.
Re: KRACK Vulnerabilities
NETGEAR is aware of the recently publicized security exploit KRACK, which takes advantage of security vulnerabilities in WPA2 (WiFi Protected Access II). NETGEAR has published fixes for multiple products and is working on fixes for others. Please follow the security advisory for updates.
NETGEAR appreciates having security concerns brought to our attention and is constantly monitoring our products to get in front of the latest threats. Being proactive rather than reactive to emerging security issues is a fundamental belief at NETGEAR.
To protect users, NETGEAR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, NETGEAR will announce the vulnerabilities from the NETGEAR Product Security web page.
Re: KRACK Vulnerabilities
Heads up that Windows, macOS, iOS, watchOS, and tvOS have already been patched as of last Tuesday.
Netgear - why, after about 2 months, is this not patched across current routers? Is it just a developer capacity issue? I could understand that... just not clear on the blanket "we're aware of it" statement. Anything we can do to help?
Re: KRACK Vulnerabilities
It's my understanding that the Apple fixes are in beta, not production updates at this point.
You can read how a range of companies have responded to requests for comment on KRACK: KRACK attack: Here's how companies are responding
You can follow our security advisory for updates.
Re: KRACK Vulnerabilities
Correct, apparently it's in betas and not released. My bad. http://appleinsider.com/articles/17/10/16/apple-confirms-krack-wi-fi-wpa-2-attack-vector-patched-in-...