WIFI vulnerabilities (FRAG) - release date of updates
Hi,
when are the updates available for the OMADA devices to patch the new discovered WIFI issues https://www.fragattacks.com/?
br
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Dear @TPL-User, @cifzo, @JTJames,
Thank you for your valued feedback.
Regarding the Frag Attacks vulnerabilities, TP-Link has published a statement here for your reference,
https://www.tp-link.com/en/support/faq/3056/
TP-Link will maintain and update the advisory in the above link, you may visit that link to check for an update.
In the meanwhile, it's recommended to follow the workarounds provided in the above link to enhance your network security.
If you require to fix the vulnerabilities urgently, please contact TP-Link support team via Email <support.forum@tp-link.com> for a solution.
Note: I suggest you attaching this forum link in the email when you do that, and remember to provide the necessary information including model number & hardware version. How to find the hardware version on a TP-Link device: https://www.tp-link.com/support/faq/46/
Thank you for your great cooperation and patience. Have a nice day!
- Copy Link
- Report Inappropriate Content
Thank you.
I'd read the published statement before but was concerned since it didn't seem to mention the Omada products.
Since the Omada line is billed as business level products, versus consumer products like some mentioned in the statement, it would be very helpful to have a separate statement about the business class products the would include which are impacted, an ETA of a fix, etc.
Based on the original FragAttack announcement, it mentioned that there was a period of time before public disclosure that companies had knowledge so that they could assess their systems.
Since we are well past the public announcement now, some type of public, official statement about the Omada line would be most welcome.
Thank you.
- Copy Link
- Report Inappropriate Content
Dear @TPL-User,
TPL-User wrote
Since the Omada line is billed as business level products, versus consumer products like some mentioned in the statement, it would be very helpful to have a separate statement about the business class products the would include which are impacted, an ETA of a fix, etc.
Thank you for your valuable suggestion. I've forwarded this to the support team for further evaluation.
- Copy Link
- Report Inappropriate Content
@Fae as an owner/admin of the more recent EAP620 HD devices, can you provide an update on a patch? As of now, there is only the original firmware version the product comes with. The hardware model is 1.0. I do have a regular key rotation cycle, and take all security measures I can, but I have a problem with using devices that have known exploits in them that remain unlatched. I am frequently the target of DeAuth attacks, and as far as I'm aware, I have not had an attacker successfully decrypt my keys, but unfortunately I'm required to have several devices attached to my network that are near the edge of coverage, allowing those devices to be attacked without being detectable from my access point.
My concern is more about the urgency by TP-Link to provide a patch, rather than the threat level of the exploit itself. For example, if this threat is not patched in a timely manner, what can I expect from TP-Link for future threats? I'm honestly surprised that this wasn't addressed prior to public disclosure.
When can I expect a firmware update for EAP620 HD? I'm unsure whether I want to deploy more of these devices and convert to an Omada management system, or pay the premium for a competitor who has already patched these CVEs. Thanks.
- Copy Link
- Report Inappropriate Content
I fully agree with @technotic . It's not about the specific threat from this vulnerability rather then if TP-Link is able to set timely actions in general. To be honest, based on the feedback within this thread I've my doubts.
br
- Copy Link
- Report Inappropriate Content
I have 10 x EAP245V3 with firmware V5.03 in use. Are the vulnerabilities discussed here fixed in the new update 5.04?
The release note for 5.04 stating "Optimize security vulnerabilities" is a bit vague...
If not fixed yet, is there a schedule for securing the EAPs?
With kind regards
- Copy Link
- Report Inappropriate Content
Dear TP-Link team.
A bit more transparency on especially security topics would be highly appreciated.
br
- Copy Link
- Report Inappropriate Content
Dear @Nobbi,
Nobbi wrote
I have 10 x EAP245V3 with firmware V5.03 in use. Are the vulnerabilities discussed here fixed in the new update 5.04?
The release note for 5.04 stating "Optimize security vulnerabilities" is a bit vague...If not fixed yet, is there a schedule for securing the EAPs?
Thank you for your valued feedback.
It has been confirmed that the new update 5.0.4 for EAP245 v3 has fixed the Frag Attack vulnerabilities.
The firmware release note has been updated as well.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 4188
Replies: 25
Voters 0
No one has voted for it yet.