
Orbi RBK50 WPA2 - KRACK Vulnerability

Tr4nc3
Luminary

WPA2 - KRACK / Vulnerability

Hi Netgear,

I think this is really important and should be monitored closely, and all the wifi users should ask the vendors to monitor and patch this.

Looks like WPA2 is about to be cracked and the details / exploit will be released soon.

The US CERT released this note:

"US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017."

Looks like Aruba, Ubiquiti, MikroTik, and other vendors are addressing the issue in software updates.

Can you please let me and all the users know if NETGEAR is currently looking into this?

Are you going to update your software to fix all the reported CVEs?

 

List of CVEs:

CWE-323
CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13083
CVE-2017-13084
CVE-2017-13085
CVE-2017-13086
CVE-2017-13087

 

More details:

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-tra...

Model: Orbi High-Performance AC3000 Tri-Band WiFi System (RBK50)
Message 1 of 45


All Replies
jai_net1
Luminary

Re: WPA2 - KRACK / Vulnerability

Waiting for a patch from Netgear on KRACK vulnerability in its WPA2 algorithm.




 

Message 2 of 45
Squuiid
Luminary

Re: WPA2 - KRACK / Vulnerability

Agreed. Every single Netgear device with Wi-Fi is vulnerable to this and while other vendors already have firmware updates addressing this vulnerability Netgear has nothing!

 

Message 3 of 45
cinek
Luminary

Re: WPA2 - KRACK / Vulnerability

guys but this is catch 22.... have a stable-ish system with the wifi bug or have a secure system and a broken orbi...... 

Message 4 of 45
soins
Luminary

Re: WPA2 - KRACK / Vulnerability

Some other vendors already released patches (OpenBSD, Mikrotik...) thus NetGear must demonstrate to the community that security is a serious topic for them.

Message 5 of 45
SkywalkerPD
Luminary

Re: WPA2 - KRACK / Vulnerability

You can also find information here https://www.krackattacks.com/

Model: Orbi High-Performance AC3000 Tri-Band WiFi System (RBK50)
Message 6 of 45
rhester72
Virtuoso

Re: WPA2 - KRACK / Vulnerability

And from that very site, prominently in the FAQ:

 

What if there are no security updates for my router?

 

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.

Message 7 of 45
Tr4nc3
Luminary

Re: WPA2 - KRACK / Vulnerability

Hey rhester72, good point ... Indeed looks to be on the client side but we need to remember that on a Mesh network the satellite is also a client of the main router or other satellites.

Sniffing the traffic from the satellite to the router would have all the connections of the connected devices and backhaul communication .... so you would be able to sniff the network traffic just like an old network HUB.

I would love to hear from Netgear on this and if they managed to test this attack surface.

 

 

Message 8 of 45
Luiz_Leme
Luminary

Re: WPA2 - KRACK / Vulnerability

Hi Netgear. I have a router Nighthawk X6 | Tri-Band WiFi Router | AC3200 (R8000) | NETGEAR.

 

Any news about the WPA2 Security Flaw patch??

 

When do you release it? It's urgent!

 

Thanks

Message 9 of 45
rhester72
Virtuoso

Re: WPA2 - KRACK / Vulnerability

I _think_ the Orbi backhaul traffic is double-encrypted, both with WPA2 on-the-wire and a second layer of encryption at the layer 7 level between the devices, which would make a MITM attack fruitless (if inconvenient, because it would obviously break comms between the satellite and router).

 

It would be nice to hear an official position from Netgear.

Message 10 of 45
rbrinson
Luminary

Orbi RBK50 WPA2 - KRACK Vulnerability

Does the recent firmware version 2.0.0.74 for the Orbi AC3000 mesh WiFi system contain a fix for the WPA2 - KRACK vulnerability? According to the Vulnerability Notes Database, Netgear was notified on August 28, 2017 concerning this critical problem (https://www.kb.cert.org/vuls/id/CHEU-AQNMYE). If this latest firmware does not contain a fix, will Netgear be supplying one in the very near future?

Model: Orbi High-Performance AC3000 Tri-Band WiFi System (RBK50)
Message 11 of 45
Retired_Member
Not applicable

Re: WPA2 - KRACK / Vulnerability

CVE-2017-13088 is also implicated

Message 12 of 45
Retired_Member
Not applicable

Re: WPA2 - KRACK / Vulnerability

As the wifi router is the end-point to which the clients are connecting, fixing the wifi router protects every client that connects to it :gulp:  The router is the centralized single point of control which can effect total network security.

Message 13 of 45
jpaukkunen
Luminary

Re: WPA2 - KRACK / Vulnerability

Hello Netgear,

 

Please advise status of patching for krackattacks exploit. I turned the router radios off to mitigate but this is not a long term solution. Firmware V1.0.3.54_1.1.37.

Thanks,

Jarmo

Message 14 of 45
MacLiam
Luminary

Re: WPA2 - KRACK / Vulnerability

According to this -- https://www.kb.cert.org/vuls/id/228519 -- Netgear was notified of the issue on August 28, along with just about everybody else except for a few firms that got the news in September. Since then, Netgear has offered two firmware updates for the WNDR3400 line, the last (1.0.1.14) on October 4. It is possible the fix is already in, but if so why is Netgear holding its silence rather than reassuring its millions of users?

Message 15 of 45
aaz
Virtuoso

Re: WPA2 - KRACK / Vulnerability

We don't know when Netgear was notified of the details of this attack; at the most it was a month (since early Sept). That is not enough time for some companies to patch, depending on their processes.

Also this attack is mostly client side, and Android / Linux seems to be the most vulnerable. Other clients are too based on FAST 802.11R protocol, but you can turn that off in Orbi within the new Firmware.

In essence, by turning off FAST roaming at the router you are protecting as much as you can from a router perspective, and the rest is up to the devices that attach. Make sure you update all of your IOT devices such as cameras, TV's and Android devices.

Apple already has a patch in beta that should be released before any attack actually surfaces.

Message 16 of 45
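
Both the FAQ quoted earlier in the thread and the reply above name disabling 802.11r (fast roaming) as the access-point-side mitigation. As an added example (not part of any post and not NETGEAR code), the Python below parses the information elements of a beacon and reports whether fast roaming is still advertised; the function names are hypothetical and the sample byte strings are constructed.

```python
import struct

IEEE_OUI = bytes.fromhex("000fac")
# AKM suite types (IEEE 802.11 OUI) that mean Fast BSS Transition, i.e. 802.11r
FT_AKMS = {3: "FT-802.1X", 4: "FT-PSK", 9: "FT-SAE"}
EID_RSN, EID_MOBILITY_DOMAIN = 48, 54

def iter_elements(ies):
    """Yield (element_id, body) pairs; stop quietly at a truncated element."""
    pos = 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2:pos + 2 + length]
        if len(body) < length:
            return
        yield eid, body
        pos += 2 + length

def rsn_akm_types(body):
    """Return the AKM suite type numbers listed in an RSN element body."""
    pos = 6                                  # skip version (2) + group cipher (4)
    if len(body) < pos + 2:
        return []
    pos += 2 + 4 * struct.unpack_from("<H", body, pos)[0]   # pairwise suite list
    if len(body) < pos + 2:
        return []
    count = struct.unpack_from("<H", body, pos)[0]
    suites = [body[pos + 2 + 4 * i:pos + 6 + 4 * i] for i in range(count)]
    return [s[3] for s in suites if len(s) == 4 and s[:3] == IEEE_OUI]

def ft_findings(ies):
    """List every sign in a beacon's elements that 802.11r is still enabled."""
    found = []
    for eid, body in iter_elements(ies):
        if eid == EID_MOBILITY_DOMAIN:
            found.append("Mobility Domain element")
        elif eid == EID_RSN:
            found += ["AKM " + FT_AKMS[t] for t in rsn_akm_types(body) if t in FT_AKMS]
    return found

def sample_rsn(akm_types):
    """Build a constructed RSN element: CCMP group/pairwise plus the given AKMs."""
    body = b"\x01\x00" + IEEE_OUI + b"\x04" + b"\x01\x00" + IEEE_OUI + b"\x04"
    body += struct.pack("<H", len(akm_types))
    body += b"".join(IEEE_OUI + bytes([t]) for t in akm_types) + b"\x00\x00"
    return bytes([EID_RSN, len(body)]) + body

# Constructed beacon element blobs (SSID "home"), not captures from any real device
FT_OFF = b"\x00\x04home" + sample_rsn([2])                      # WPA2-PSK only
FT_ON = b"\x00\x04home" + sample_rsn([2, 4]) + bytes([EID_MOBILITY_DOMAIN, 3]) + b"\x12\x34\x01"
```

An empty result from `ft_findings` means the beacon advertises neither an FT key-management suite nor a Mobility Domain element; it says nothing about whether the clients themselves are patched.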
jpaukkunen
Luminary

Re: WPA2 - KRACK / Vulnerability

Thanks AAZ,

All vendors were notified in late June.

Jarmo

Message 17 of 45
cyberprashant
Luminary

Re: WPA2 - KRACK / Vulnerability

Message 18 of 45
cyberprashant
Luminary

Re: Orbi RBK50 WPA2 - KRACK Vulnerability

Message 19 of 45
Ely
Luminary

Re: WPA2 - KRACK / Vulnerability

I'm also waiting for a response from Netgear regarding this issue, it's a very serious vulnerability, many vendors have already started providing a patch.

Message 20 of 45
jpaukkunen
Luminary

Re: WPA2 - KRACK / Vulnerability

Hello Ely,

Please see https://kb.netgear.com/000049498/Security-Advisory-for-WPA-2-Vulnerabilities-PSV-2017-2826-PSV-2017-... . Looks like WAPs are only vulnerable in bridge mode - meaning you need at least 2. The vulnerable handshake would occur when they 'pair'. Which makes sense, as the WAP is not going to try to initiate a handshake session with an endpoint, it's the other way around. Good luck!

Jarmo

Message 21 of 45
mdgm-ntgr
NETGEAR Employee Retired

Re: WPA2 - KRACK / Vulnerability

NETGEAR is aware of the recently publicized security exploit KRACK, which takes advantage of security vulnerabilities in WPA2 (WiFi Protected Access II).  NETGEAR has published fixes for multiple products and is working on fixes for others. Please follow the security advisory for updates.

 

NETGEAR appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at NETGEAR.

 

To protect users, NETGEAR does not publicly announce security vulnerabilities until fixes are publicly available, nor are the exact details of such vulnerabilities released. Once fixes are available, NETGEAR will announce the vulnerabilities from NETGEAR Product Security web page.

Message 22 of 45
StevenT
Luminary

Re: Orbi RBK50 WPA2 - KRACK Vulnerability

Hopefully it won't take too long for Netgear to release updated firmware for the Orbi's that address the KRACK vulnerability.  

Also look into updating all of your clients, when updates actually become available.

Message 23 of 45
rhester72
Virtuoso

Re: WPA2 - KRACK / Vulnerability

I have to say...given the known facts about the disclosure of the vulnerability to vendors, I'm not sure 'proactive' is the word I'd use, and the whole reason this thread exists is because CERT waited as long as they could before a coordinated announcement...thus the exact details of the vulnerabilities are very much released as a call to action to those who failed to respond in a timely fashion.

 

I appreciate that Netgear has a very large number of affected products in the wild, but given that is literally your line of business and that severe security vulnerabilities are discovered against the most common components of consumer network gear every few months, it's really just part of the business model.

 

To be honest, I'd have preferred a response along the lines of "our bad, we've too many products to patch in only two months, we've hired staff and are literally working three shifts a day to resolve this, please stay tuned for weekly status updates" versus "we're a very proactive company who doesn't release information for your protection".  It rings very, very hollow.

Message 24 of 45
AAJ102a
Luminary

Re: WPA2 - KRACK / Vulnerability

So what about recent router models like mine that aren't mentioned in Netgear's announcement? Do they not need a patch (unlikely!), or is Netgear abandoning them?

Message 25 of 45