Is TP-Link firmware patched against Pixie Dust?
Based on several security reports, it is understood that TP-Link has not patched its routers, including the latest ones, against the Pixie Dust attack, and that disabling WPS from the UI does not make the problem go away.
Hence I would like to hear from TP-Link if they've gotten around to patching this 10-year-old known problem?
Pixie Dust is a devastating Wi-Fi vulnerability that targets the WPS (Wi-Fi Protected Setup) protocol—specifically its cryptographic weakness in how it handles PIN authentication.
---
🧨 What Pixie Dust Does
• Exploits weak nonce generation in WPS handshake
• Allows attackers to recover the WPS PIN offline in seconds
• Once the PIN is cracked, the attacker can extract the WPA2 password and connect to the network—even if the password is strong
---
🔬 How It Works
1. WPS handshake captured: Attacker sniffs the initial EAP-TLS exchange between router and client
2. Nonces are predictable: Many routers use low-entropy or reused random numbers
3. PIN cracked offline: Tools like Reaver or Bully iterate only ~11,000 combinations for the first half and ~1,000 for the second
4. WPA2 key extracted: Once the correct PIN is sent, the router reveals the WPA2-PSK
“Attackers can recover WPS PINs in 1–2 seconds, bypassing password complexity.” — NetRise 2025
---
🛡️ Why It’s Still Dangerous
• WPS often enabled by default, even if hidden in UI
• Firmware rarely patched—NetRise found 80% of tested devices still vulnerable in 2025
• Silent exploit path: No alerts, no logs, no user awareness
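
A defensive check for the point above that WPS can stay active after being switched off in the UI (an added example, not part of the original post): it parses the tagged parameters of a beacon from your own access point and reports whether a WPS information element is still advertised. The sample beacon bytes are constructed and the function names are illustrative.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")   # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_VERSION, ATTR_STATE, ATTR_LOCKED = 0x104A, 0x1044, 0x1057

def iter_ies(blob):
    """Yield (element_id, payload) from the tagged-parameter part of a beacon."""
    i = 0
    while i + 2 <= len(blob):
        eid, length = blob[i], blob[i + 1]
        payload = blob[i + 2:i + 2 + length]
        if len(payload) < length:          # truncated element: stop parsing
            return
        yield eid, payload
        i += 2 + length

def parse_wps_attrs(data):
    """Parse WPS attributes (2-byte type, 2-byte length, big-endian, then value)."""
    attrs, i = {}, 0
    while i + 4 <= len(data):
        atype, alen = struct.unpack_from(">HH", data, i)
        value = data[i + 4:i + 4 + alen]
        if len(value) < alen:              # truncated attribute: stop parsing
            break
        attrs[atype] = value
        i += 4 + alen
    return attrs

def wps_status(ies):
    """Return None if no WPS IE is advertised, else a dict describing it."""
    for eid, payload in iter_ies(ies):
        if eid == 0xDD and payload[:4] == WPS_OUI_TYPE:
            a = parse_wps_attrs(payload[4:])
            return {
                "advertised": True,
                "configured": a.get(ATTR_STATE) == b"\x02",       # 0x02 = configured
                "ap_setup_locked": a.get(ATTR_LOCKED) == b"\x01",  # PIN method locked
            }
    return None

# Constructed sample input: SSID "lab-ap" followed by a WPS IE (version 0x10, state 0x02)
SSID_IE = bytes([0x00, 6]) + b"lab-ap"
WPS_BODY = bytes.fromhex("104a000110" "1044000102")
WPS_IE = bytes([0xDD, 4 + len(WPS_BODY)]) + WPS_OUI_TYPE + WPS_BODY
BEACON_WITH_WPS = SSID_IE + WPS_IE
BEACON_WITHOUT_WPS = SSID_IE

if __name__ == "__main__":
    print(wps_status(BEACON_WITH_WPS))
    print(wps_status(BEACON_WITHOUT_WPS))
```

Run it against the beacon captured before and after disabling WPS in the router UI; if the element is still present afterwards, the setting did not take effect at the radio level. A missing element only shows that WPS is no longer advertised in beacons.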