WIFI vulnerabilities (FRAG) - release date of updates

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

WIFI vulnerabilities (FRAG) - release date of updates

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
25 Reply
Re:WIFI vulnerabilities (FRAG) - release date of updates
2021-06-22 09:30:11

@cifzo 

 

Thanks. So noted and updated.

  0  
  0  
#12
Options
Re:WIFI vulnerabilities (FRAG) - release date of updates
2021-06-22 10:59:25

Dear @TPL-User, @cifzo, @JTJames,

 

Thank you for your valued feedback.

 

Regarding the Frag Attacks vulnerabilities, TP-Link has published a statement here for your reference,

https://www.tp-link.com/en/support/faq/3056/

 

TP-Link will maintain and update the advisory in the above link, you may visit that link to check for an update.

In the meanwhile, it's recommended to follow the workarounds provided in the above link to enhance your network security.

 

If you require to fix the vulnerabilities urgently, please contact TP-Link support team via Email <support.forum@tp-link.com> for a solution.

Note: I suggest you attaching this forum link in the email when you do that, and remember to provide the necessary information including model number & hardware version. How to find the hardware version on a TP-Link device: https://www.tp-link.com/support/faq/46/

 

Thank you for your great cooperation and patience. Have a nice day!

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#13
Options
Re:WIFI vulnerabilities (FRAG) - release date of updates
2021-06-22 11:21:53 - last edited 2021-06-22 11:22:52

@Fae 

 

Thank you.

 

I'd read the published statement before but was concerned since it didn't seem to mention the Omada products.

 

Since the Omada line is billed as business level products, versus consumer products like some mentioned in the statement, it would be very helpful to have a separate statement about the business class products the would include which are impacted, an ETA of a fix, etc.

 

Based on the original FragAttack announcement, it mentioned that there was a period of time before public disclosure that companies had knowledge so that they could assess their systems.

 

Since we are well past the public announcement now, some type of public, official statement about the Omada line would be most welcome.

 

Thank you.

  1  
  1  
#14
Options
Re:WIFI vulnerabilities (FRAG) - release date of updates
2021-06-23 03:51:18

Dear @TPL-User,

 

TPL-User wrote

Since the Omada line is billed as business level products, versus consumer products like some mentioned in the statement, it would be very helpful to have a separate statement about the business class products the would include which are impacted, an ETA of a fix, etc.

 

Thank you for your valuable suggestion. I've forwarded this to the support team for further evaluation.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#15
Options
Re:WIFI vulnerabilities (FRAG) - release date of updates
2021-06-23 21:01:26

@Fae as an owner/admin of the more recent EAP620 HD devices, can you provide an update on a patch? As of now, there is only the original firmware version the product comes with. The hardware model is 1.0. I do have a regular key rotation cycle, and take all security measures I can, but I have a problem with using devices that have known exploits in them that remain unlatched. I am frequently the target of DeAuth attacks, and as far as I'm aware, I have not had an attacker successfully decrypt my keys, but unfortunately I'm required to have several devices attached to my network that are near the edge of coverage, allowing those devices to be attacked without being detectable from my access point.

 

My concern is more about the urgency by TP-Link to provide a patch, rather than the threat level of the exploit itself. For example, if this threat is not patched in a timely manner, what can I expect from TP-Link for future threats? I'm honestly surprised that this wasn't addressed prior to public disclosure.

 

When can I expect a firmware update for EAP620 HD? I'm unsure whether I want to deploy more of these devices and convert to an Omada management system, or pay the premium for a competitor who has already patched these CVEs. Thanks.

  1  
  1  
#16
Options
Re:WIFI vulnerabilities (FRAG) - release date of updates
2021-06-24 06:12:20

@Fae 

 

I fully agree with @technotic . It's not about the specific threat from this vulnerability rather then if TP-Link is able to set timely actions in general. To be honest, based on the feedback within this thread I've my doubts.

 

br

 

  0  
  0  
#17
Options
Re:WIFI vulnerabilities (FRAG) - release date of updates
2021-11-10 14:54:00

@Fae 

I have 10 x EAP245V3 with firmware V5.03 in use. Are the vulnerabilities discussed here fixed in the new update 5.04? 
The release note for 5.04 stating "Optimize security vulnerabilities" is a bit vague...

If not fixed yet, is there a schedule for securing the EAPs?

 

With kind regards

  0  
  0  
#18
Options
Re:WIFI vulnerabilities (FRAG) - release date of updates
2021-11-14 17:28:52

Dear TP-Link team.

 

A bit more transparency on especially security topics would be highly appreciated.

 

br

  0  
  0  
#19
Options
Re:WIFI vulnerabilities (FRAG) - release date of updates
2021-11-19 05:42:38

Dear @Nobbi,

 

Nobbi wrote

I have 10 x EAP245V3 with firmware V5.03 in use. Are the vulnerabilities discussed here fixed in the new update 5.04? 
The release note for 5.04 stating "Optimize security vulnerabilities" is a bit vague...

If not fixed yet, is there a schedule for securing the EAPs? 

 

Thank you for your valued feedback.

 

It has been confirmed that the new update 5.0.4 for EAP245 v3 has fixed the Frag Attack vulnerabilities.

 

The firmware release note has been updated as well.

>> Omada EAP Firmware Trial Available Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#20
Options
Re:WIFI vulnerabilities (FRAG) - release date of updates
2021-11-22 01:12:22

@Fae 

 

will we see an update for the EAP225?

  0  
  0  
#21
Options