[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-17 11:29:42
Dear All,
On October 16th, 2017, a security researcher disclosed some severe flaws in the WPA2 security protocol.
Description of the vulnerability
The vulnerability, known as "KRACK", short for Key Reinstallation Attack, targets the four-way handshake of the WPA2 protocol. Mathy Vanhoef, who published the flaw, said that the flaw may allow an attacker within the Wi-Fi range to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.
The publisher also points out that the main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates.
For more details, please refer to the below article published by Vanhoef:
https://www.krackattacks.com/
The following Common Vulnerabilities and Exposures (CVE) identifiers were assigned to track which products are affected by specific instantiations of the key reinstallation attack: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
TP-Link is aware of the vulnerabilities (KRACKs) in the WPA-2 protocol. We have published a security advisory on the official website and are working to solve the problems now.
Security Advisory: http://www.tp-link.com/en/faq-1970.html
Software updates for the affected devices will be posted at http://www.tp-link.com/support.html over the next few weeks.
Your network security is highly regarded by TP-Link.
Clarification for the WPA2 Vulnerabilities:
1. Please have a look at the article published by Mathy Vanhoef and pay attention to the QA listed at the end:
Q: What if there are no security updates for my router?
A: Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.
From the QA, it is clear that the vulnerabilities only target devices acting as Wi-Fi clients, including laptops, smartphones, range extenders working in RE mode, and routers/gateways working in RE/WDS/WISP mode.
Thus if you're using the following TP-Link products:
(Unaffected Devices)
# All powerline adapters
# All mobile Wi-Fi products
# Routers and gateways working on default Router mode or Access Point mode
# Range extenders working in AP mode
You will not be affected by the WPA2 vulnerabilities. What you need to do is update your Wi-Fi clients.
2. Conditions under which devices are vulnerable:
# Physical proximity: An attack can only happen when an attacker is in physical proximity to and within wireless range of your network.
# Time window: An attack can only happen when a client is connecting or reconnecting to a Wi-Fi network.
Devices affected by the vulnerability
Routers working in Repeater Mode/WISP Mode/Client Mode:
TL-WR940N with firmware version 3.17.1 Build 170717 Rel.55495n or earlier (Hardware Version 3.0 or earlier not affected)
TL-WR841Nv13 with firmware version 0.9.1 4.16 v0348.0 Build 170814 Rel.59214n or earlier (Hardware Version 12.0 or earlier not affected)
TL-WR840N with firmware version 0.9.1 4.16 v019a.0 Build 170524 Rel.56478n or earlier (Hardware Version 2.0 or earlier not affected)
TL-WR941HP with firmware version 3.16.9 Build 20170116 Rel.50912n or earlier
TL-WR841HP with firmware version 3.16.9 Build 160612 Rel.67073n or earlier
TL-WR902AC with firmware version 3.16.9 Build 20160905 Rel.61455n or earlier
TL-WR802N with firmware version 0.9.1 3.16 v0188.0 Build 170705 Rel.34179n or earlier
TL-WR810N with firmware version 3.16.9 Build 160801 Rel.57365n or earlier
Routers with WDS function enabled (disabled by default) may be affected. Refer to the FAQ to learn how to check if WDS is enabled on your router.
Range Extenders working in Repeater Mode during a WPA2 handshake that is initiated only when connecting or reconnecting to a router:
TL-WA850RE with firmware version 1.0.0 Build 20170609 Rel.34153 or earlier
TL-WA855RE with firmware version 1.0.0 Build 20170609 Rel.36187 or earlier
TL-WA860RE with firmware version 1.0.0 Build 20170609 Rel.38491 or earlier
RE200 with firmware version 1.1.3 Build 20170818 Rel.58183 or earlier
RE210 with firmware version 3.14.2 Build 160623 Rel.43391n or earlier
RE305 with firmware version 1.0.0 Build 20170614 Rel.42952 or earlier
RE450 with firmware version 1.0.2 Build 20170626 Rel.60833 or earlier
RE500 with firmware version 1.0.1 Build20170210 Rel.59671 or earlier
RE650 with firmware version 1.0.2 Build 20170524 Rel.58598 or earlier
Wireless Adapters:
Archer T6E
Archer T9E
Whole Home Wi-Fi System:
Deco M5 with firmware version 1.1.5 Build 20170820 Rel.62483 or earlier
CPE/WBS/CAP:
CAP300 with firmware version 1.1.0 Build 20170601 Rel.60253 or earlier
CAP300-Outdoor with firmware version 1.1.0 Build 20170601 Rel.60212 or earlier
CAP1750 with firmware version 1.1.0 Build 20170601 Rel.60196 or earlier
CAP1200 with firmware version 1.0.0 Build 20170801 Rel.61314 or earlier
TL-ER604W with firmware version 1.2.0 Build 20160825 Rel.45880 or earlier
CPE520 with firmware version 2.1.6 Build 20170908 Rel.45234 or earlier
CPE610 with firmware version 2.1.5 Build 20170830 Rel. 58245 or earlier
CPE510 with firmware version 2.1.6 Build 20170908 Rel. 45233 or earlier
CPE220 with firmware version 2.1.6 Build 20170908 Rel. 45233 or earlier
CPE210 with firmware version 2.1.6 Build 20170908 Rel. 45234 or earlier
WBS210 with firmware version 2.1.0 Build 20170609 Rel. 57434 or earlier
WBS510 with firmware version 2.1.6 Build 20170908 Rel. 45234 or earlier
Smart home devices:
Smart Plugs and Switch: HS100,HS105,HS110,HS200
Smart Repeater with Plugs: RE350K,RE270K,RE370K
Cameras: NC250,NC260,NC450, KC120
How to protect your devices
Until a software update is available to eliminate the vulnerability for your product, it is recommended to take the following precautions:
For wireless routers: Make sure your routers are in Router Mode or AP Mode, and patch the operating system of your smartphones, tablets and computers.
For wireless adapters: Patch the operating system of your computers.
Microsoft security update: Microsoft has fixed such security issues as mentioned in https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
TP-Link has been working on affected models and will release firmware over the next few weeks on our official website.
Revision History
2017-10-17: Initial release
2017-10-18: Updated some clarifications for the WPA2 vulnerabilities
2017-10-18: Updated the list of affected devices
Mitigation?
2017-10-23 19:04:03
tplink wrote
1. So maybe you should check if your router/AP is accepting older replay counter.
According to the 802.11 Wi-Fi standard, an AP (authenticator) will check and accept a Replay Counter value that was already used in a message to the client during the 4-way handshake, which is one of its vulnerabilities. Maybe some APs, as the author mentioned, will work fully in accordance with the 802.11 standard, but we can confirm that TP-Link isn't involved with this vulnerability from the code level. TP-Link APs/Routers will check the replay counter value in message 4, and if it's a value already used, will reject the packet.
Thus we clarify that routers/gateways working in default router mode or access point mode (as an Authenticator) will not be affected by the vulnerabilities.
2. and in addition it seems also below technique can be used against AP as per the research paper:
" it is still possible to indirectly attack them by performing a key reinstallation attack against the AP during an FT handshake" (see Section 5 - A Key Reinstallation Attack against the AP):
TP-Link APs don't make use of the 802.11r roaming protocol (some APs apply 802.11k/v instead). Thus can get rid of the vulnerabilities of an FT handshake implemented by 802.11r.
3. So maybe you should check if your AP/Router are affected about " not verify the authenticity (MIC) of this frame"
From the code level, we can confirm that TP-Link APs will check the MIC (Message Integrity Check) value during the 4-way handshake, thus can get rid of this vulnerability as well.
Thus if you use your W8970 in the default DSL modem router mode, it won't be affected by the vulnerabilities at all. Just update your Wi-Fi clients to avoid any attacks.
It isn't quite clear from the above whether TP-Link wireless routers, such as the TL-WDR4300, in not fully complying with the WPA standard, provide protection against unpatched Android clients being attacked whilst connected to their wifi networks.
Could you comment on that, please?
Obviously, an unpatched client is vulnerable when connected to other networks, but it would be helpful to know that there is zero risk when connected at home, if that is indeed the case.
The Q&A section at krackattacks.com states:
Can we modify an access point to prevent attacks against the client?
Yes, it is possible to modify the access point such that connected clients cannot be attacked. These modifications only prevent attacks when a vulnerable client is connected to such a modified access point. When a vulnerable client connects to a different access point, it can still be attacked.
Technically, this is accomplished by modifying the access point such that it does not retransmit message 3 of the 4-way handshake. Additionally, the access point is modified to not retransmit message 1 of the group key handshake. The hostapd project has such a modification available. They are currently evaluating to which extent this impacts the reliability of these handshakes. We remark that it's also possible to prevent attacks against clients by retransmitting the above handshake messages using the same (previous) EAPOL-Key replay counter. The attack against the group key handshake can also be prevented by letting the access point install the group key in a delayed fashion, and by assuring the access only accepts the latest replay counter (see section 4.3 of the paper for details).
In what way, if at all, do TP-Link wireless routers mitigate attacks against still-vulnerable clients?
Thanks in advance.
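The access-point-side options quoted from krackattacks.com in the post above, shown as an added example that is not part of the thread or of any vendor's code: a toy Python model of how a client handles a retransmitted message 3 under each AP retransmission policy. The `Supplicant` class, the policy names and the counter values are assumptions made for illustration; no real frames, keys or cryptography are involved.

```python
"""Toy model of message-3 handling in the WPA2 4-way handshake.

Constructed for illustration only. A "nonce" here is the packet number the
client pairs with the session key (PTK) for each encrypted data frame.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Supplicant:
    """Client side of the handshake; `patched` selects the fixed behaviour."""
    patched: bool
    last_replay_counter: int = -1        # highest EAPOL-Key counter accepted
    installed_ptk: Optional[str] = None  # identifier of the key in use
    tx_nonce: int = 0                    # next packet number for data frames
    nonces_used: List[Tuple[str, int]] = field(default_factory=list)

    def on_msg3(self, replay_counter: int, ptk: str) -> bool:
        """Process message 3; return True if the frame was accepted."""
        # A client accepts only a replay counter it has not seen before.
        if replay_counter <= self.last_replay_counter:
            return False
        self.last_replay_counter = replay_counter
        if self.patched and self.installed_ptk == ptk:
            # Fixed behaviour (modelled): the key is already in use, so the
            # frame is acknowledged but the nonce is left untouched.
            return True
        # Installing the key starts the packet number at zero. Doing this a
        # second time for the same key is the key reinstallation flaw.
        self.installed_ptk = ptk
        self.tx_nonce = 0
        return True

    def send_data(self, frames: int) -> None:
        """Record the (key, nonce) pair used for each outgoing data frame."""
        for _ in range(frames):
            self.nonces_used.append((self.installed_ptk, self.tx_nonce))
            self.tx_nonce += 1


def msg3_schedule(policy: str, retries: int) -> List[int]:
    """Replay counters the AP puts on message 3 and on each retry.

    Policies (names are this example's own):
      "increment"     - every retry carries a fresh, higher replay counter
      "same_counter"  - retries reuse the previous replay counter
      "no_retransmit" - message 3 is sent once and never retried
    """
    first = 2  # constructed value: message 1 is assumed to have used 1
    if policy == "increment":
        return [first + i for i in range(retries + 1)]
    if policy == "same_counter":
        return [first] * (retries + 1)
    if policy == "no_retransmit":
        return [first]
    raise ValueError(f"unknown policy: {policy}")


def run(policy: str, client_patched: bool,
        retries: int = 1, frames: int = 3) -> dict:
    """Model message 4 not reaching the AP `retries` times; count nonce reuse."""
    client = Supplicant(patched=client_patched)
    accepted = 0
    for counter in msg3_schedule(policy, retries):
        if client.on_msg3(counter, ptk="PTK-A"):
            accepted += 1
            client.send_data(frames)  # client transmits after each accepted msg3
    reused = len(client.nonces_used) - len(set(client.nonces_used))
    return {"msg3_accepted": accepted, "nonce_reuse": reused}


if __name__ == "__main__":
    for policy in ("increment", "same_counter", "no_retransmit"):
        for patched in (False, True):
            print(f"{policy:14} patched={patched!s:5} {run(policy, patched)}")
```

The model counts nonce reuse only. It does not model whether the handshake still completes when retries are suppressed or rejected, which is the reliability question the quoted Q&A says is still being evaluated.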
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-23 23:09:11
The consumer market for routers is full of choices. Most if not all suffer from the same vulnerability - they are consumer targeted devices intended to be sold en masse and somewhat quickly retired or replaced by new hardware offerings. TP-Link, D-Link, Cisco etc make their money selling the router, not from keeping the firmware patched and updated. Many of the nice to have reporting, logging and analysis tools present in firmware for commercial routers are intentionally left out of the public variant even though the hardware is perfectly capable of providing these features. Firmware updates are intentionally few and far between for consumer equipment. Less features means less consumer questions for support to answer.
DD-WRT is one's best bet to harness the full potential of your consumer router if installing that is a possibility for you. Don't let tp-link decide for you what features you are permitted to use with hardware you own. Do not allow yourself to be held hostage waiting for firmware updates that are never coming or have been deemed to be of low priority by the company.
Purchasing a commercial grade router usually provides frequent firmware updates with a focus on security and network functionality rather than flashy cases, crippled firmware and quick obsolescence. I have had good success with tp-link unmanaged switches but will never buy another tp-link router that isn't dd-wrt compatible and even then, I would probably pick a commercial router. Many routers in every company's consumer offerings have serious issues that never seem to get fixed.
Caveat emptor.
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-24 04:25:14
I will sell my 3 Archer Routers ASAP!!!
C20, C25, C7.
The importance that TP-Link has given this problem looks like a joke.
7 months, and they neither released a list of the affected models.
We have to laugh, because if we take it seriously, we will cry.
Access Points not mentioned
2017-10-24 09:14:51
tplink wrote
Hi All,
Please pay attention to the latest updates. If you're using a TP-Link router working in the default router mode or access point mode, please don't worry as it actually won't be affected by the vulnerabilities. However, we will still release updates to fix the vulnerabilities in weeks when the router is working in the WDS bridging mode, which is disabled by default and rarely used in most user cases. As for range extenders that are working in the RE mode, we will release fixes as soon as possible. Thanks.
I've been paying attention to the updates to this post since it was first made; I also logged a support request on the first day. I've yet to get a clear answer - is the TP-Link AP500 AC1900 affected? If so, when will a patch be available? I purchased this only 10 days ago from Amazon. It's eligible for return for another ~20 days.
A careful reading of the https://www.krackattacks.com page suggests that the primary problem lies with the clients. However this quote on the site stands out:
Will the Wi-Fi standard be updated to address this? There seems to be an agreement that the Wi-Fi standard should be updated to explicitly prevent our attacks. These updates likely will be backwards-compatible with older implementations of WPA2. Time will tell whether and how the standard will be updated.
Can we get a clear commitment from TP-Link that Access Points and Routers will be upgraded to the new standard when hammered out? Again I ask because I need to decide if I'm keeping this or buying from a vendor who upgraded quickly.
Thanks
Mark Levison
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-25 00:51:00
mlevison wrote
Can we get a clear commitment from TP-Link that Access Points and Routers will be upgraded to the new standard when hammered out? Again I ask because I need to decide if I'm keeping this or buying from a vendor who upgraded quickly.
Clearly, tp-Link is not a company to rely on for stellar customer issue support and firmware upgrades for their devices. My past technical support experience with this company has been awful. Farmed out customer support services rarely are of much use if one is not interested in endless requests to reboot or reinstall this or that by people who know less than you and are reading from a script.
This is an article from Oct. 17. You may note with interest that tp-link is missing from the companies who have reported what they have done or plan to do with respect to KRACK. When it comes time to buy a new router, you may be well advised to select one from a company other than tp-link.
http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/
For your next router, choose wisely (hint: Not TP-LINK)
2017-10-26 03:47:13
Based on what I have read, when using devices in AP mode, it is important to update the clients. I don't use WDS/Wireless bridge so updating the router may not be urgent. I have my doubts about seeing firmware updates from TP-LINK any time soon.
I have two TP-LINK devices:
TL-WR700N v1.1 --> No TP-LINK firmware updates since 2014.
DD-WRT: Not compatible. :-(
Verdict: No firmware update expected. Possibly junk, but I rarely use this device.
C7 Archer v2 --> No TP-LINK firmware since 2016 (Canada version).
DD-WRT: Compatible. From what I understand DD-WRT cannot take advantage of hardware NAT acceleration so not sure if I will install right away.
Verdict: Waiting a little while, but likely switching to DD-WRT as I don't see TP-LINK updating.
As an aside I have an ancient Linksys WRT54GL v1.1 that I just updated with a newer version of DD-WRT to patch [dd-wrt.v24_vpn_generic.bin v3.0-r33525 10/17/17]
Verdict: When shopping for routers, make sure they are DD-WRT compatible!
Clarifying "Unaffected Product" List
2017-10-27 04:29:54
I have an Archer 3150 v1 router and an RE650 range extender. Latest firmware is over a year old for 3150. The list of "unaffected products" is unclear. It says:
Routers and gateways working in their default mode (Router Mode) and AP Mode
I searched manual and config screens for Router Mode or AP Mode and found no reference. But I am using it as a WiFi Router and not a bridge or repeater. So perhaps I am safe.
Then for Range Extenders it says:
Range extenders working in AP Mode
The RE650 is in a repeater mode rebroadcasting the same SSIDs to a very remote area of my house. So I believe this device IS affected. The last firmware release was 2017-05-24. I generally shy away from RE but this solved a problem for me quickly and I'd like to keep it operational.
I live in a very remote area so I can tolerate a few days wait for fixes, maybe even weeks. BUT...
I work on a shipping product in the IoT (robotics). The fact is we have already provided a fix to our product and the patch took us just a couple of hours to make and then a day to test against dozens of routers. I worked on this fix so I have seen the C/C++ source necessary to make fixes to this. I am surprised there isn't a bit more urgency from WiFi router makers. A fix to our Ubiquiti systems was available the day the vulnerability leaked. WiFi router companies will be judged by their response to this security crisis! There is so much open source code, like the Linux sources and some of the open source router firmware replacements, that contain fixes you could use as example code. Please fix fast. I am fond of my TP-Link products and have been recommending them to friends. But as Head of Security & Privacy I have to consider response time to major security vulnerabilities.
This message is not meant to be arrogant but rather to explain that I am not sure the info at http://www.tp-link.com/en/faq-1970.html will be clear to everyone and that I have fixes to my own product, to my phones, tablets, and computers ALREADY. The Ubiquiti UniFi Pro APs I use in many of our facilities are already patched. So tick tock!
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-27 19:30:15
Good day Support,
I have read your statement on "WPA2 Security (KRACKs) Vulnerability Statement", as published at http://www.tp-link.com/en/faq-1970.html on 10-19-2017 01:20:23 AM.
I am the owner of 3 x Auranet EAP115 V1, which seem to be missing from both the "Unaffected TP-Link products list" and the "Affected TP-Link products list".
Can you please let me know if the Auranet EAP115 V1 is affected or not, and modify the online statement accordingly?
Kind regards,
René Fennet
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-28 00:44:01
Been about a week and a half, my device still not patched. When can we expect what to be rolled-out for what devices?
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-10-28 01:22:10
What about TL-WA584RE v1?