@cifzo 

Thanks. So noted and updated.

@Fae 

Thank you.

I'd read the published statement before but was concerned since it didn't seem to mention the Omada products.

Since the Omada line is billed as business level products, versus consumer products like some mentioned in the statement, it would be very helpful to have a separate statement about the business class products the would include which are impacted, an ETA of a fix, etc.

Based on the original FragAttack announcement, it mentioned that there was a period of time before public disclosure that companies had knowledge so that they could assess their systems.

Since we are well past the public announcement now, some type of public, official statement about the Omada line would be most welcome.

Thank you.

@Fae as an owner/admin of the more recent EAP620 HD devices, can you provide an update on a patch? As of now, there is only the original firmware version the product comes with. The hardware model is 1.0. I do have a regular key rotation cycle, and take all security measures I can, but I have a problem with using devices that have known exploits in them that remain unlatched. I am frequently the target of DeAuth attacks, and as far as I'm aware, I have not had an attacker successfully decrypt my keys, but unfortunately I'm required to have several devices attached to my network that are near the edge of coverage, allowing those devices to be attacked without being detectable from my access point.

My concern is more about the urgency by TP-Link to provide a patch, rather than the threat level of the exploit itself. For example, if this threat is not patched in a timely manner, what can I expect from TP-Link for future threats? I'm honestly surprised that this wasn't addressed prior to public disclosure.

When can I expect a firmware update for EAP620 HD? I'm unsure whether I want to deploy more of these devices and convert to an Omada management system, or pay the premium for a competitor who has already patched these CVEs. Thanks.

@Fae 

I fully agree with @technotic . It's not about the specific threat from this vulnerability rather then if TP-Link is able to set timely actions in general. To be honest, based on the feedback within this thread I've my doubts.

br

@Fae 

I have 10 x EAP245V3 with firmware V5.03 in use. Are the vulnerabilities discussed here fixed in the new update 5.04? 
The release note for 5.04 stating "Optimize security vulnerabilities" is a bit vague...

If not fixed yet, is there a schedule for securing the EAPs?

With kind regards

Dear TP-Link team.

A bit more transparency on especially security topics would be highly appreciated.

br

@Fae 

will we see an update for the EAP225?