× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Announcements

Polls
What is your Experience with NETGEAR Insight cloud management?
Top Contributors

Patch for Krack Vulnerability

ALL FIRMWARE should be updated. More info: https://betanews.com/2017/10/16/krack-wpa2-security-vulnerability/

36 Comments
Galt
Aspirant

I will be looking for a patch to this vulnerability (Krack) for the Orbi RBR50.  It seems all routers (from all manufacturers) are susceptible since 2003 that use WPA or WPA-2. It’s a fundamental flaw in the underlying encryption protocol.

 

Hopefully Netgear can get the patch out soon.

Retired_Member
Not applicable

Upvoted.

We currently have two WAC104 access points serving the office with no sign of a patch, and no clear announcement from Netgear on the vulnerability and their intended course of action. 

 

 

Mike_Naz
Novice
My organization has 22 WAC740 APs managed by a WC7600V2 controller. We have a made a *substantial* investment in Netgear Wave 2 infrastructure. If they don't get this patched I am going to be extremely disappointed. Aruba and Ubiquity already have a patch released. According to CERT, Netgear has not even filed a response to their vulnerability notice: https://www.kb.cert.org/vuls/id/CHEU-AQNMYE Let's go Netgear! Protect your customer base!
dww_3
Onlooker

I second the above - What is the status of a patch for the R7000? 

minimeme
Tutor
Or, the status of a patch for the R6220?
Samsf28
Aspirant

Is the R8000 patched for this vulnerability? If not when will the patch be released please?

larryh272
Onlooker
Vendor Information for VU#228519 Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse Netgear notified August 28
larryh272
Onlooker
Microsoft says the Windows updates released on October 10th protect customers, and the company “withheld disclosure until other vendors could develop and release updates.” Maybe NETGEAR withheld it's notification?
dww_3
Onlooker

I think it was known about in late August...

dww_3
Onlooker