[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
149 Reply
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-11-19 23:17:18
1 month after post thread creation... Can we get patched firmwares?
  0  
  0  
#124
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-11-30 03:16:46
Dear Mod TPLink,

Can you please provide updated information on this matter? I've just searched the web and the firmware updates still don't cover this new flaw!

If I missed something and your devices are now safe from krack, I apologise.

Many thanks
  0  
  0  
#125
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-12-09 00:57:47
I see that a KRACK firmware fix has been issued for WA860RE V4. Unfortunately my WA860RE's are Ver:1.1. Can I expect a fix for that version?
  0  
  0  
#126
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-12-15 01:45:39
Getting a bit tiresome to refresh http://www.tp-link.com/download/RE210.html#Firmware :(
  0  
  0  
#127
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-12-16 00:07:51

tjeyy wrote

Getting a bit tiresome to refresh http://www.tp-link.com/download/RE210.html#Firmware :(

Same here with http://uk.tp-link.com/download/RE200.html#Firmware
It's worrying that TP-Link posted a number of firmware updates mid November (for the newer devices only?!) then nothing more for weeks, as if the rest of the devices have been left behind for good :(
  0  
  0  
#128
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-12-17 01:03:46
Just like with your new android phone, you can expect one or two firmware upgrades before the manufacturer relegates the device to the historical archives. The consumer router market is even worse. Manufacturers do not wish to support these product offerings for very long, they want everyone to upgrade to the latest and greatest. They prod their customers in this direction by offering a few bug fixes initially and then nothing more.

At least with android there is a robust and dedicated community offering off brand firmware to keep things modern for as long as the hardware will support the new features. With a phone costing $800+ maybe that plays a part. A router that costs $200 or less after a year is considered a throw away device to everyone but the owner of the device who expected active support for much longer.
  0  
  0  
#129
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-12-18 00:41:22
I'd argue that it's in TP-Link's best interest to keep their products patched against vulnerabilities like KRACK. If enough users of its products are attacked successfully and users can trace those attacks back to TP-Link products, TP-Link might find itself in a world of hurt.

There's an old saying in my neck of the woods: An ounce of prevention is worth a pound of cure.
  0  
  0  
#130
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-12-18 03:08:45

dph3055 wrote

Just like with your new android phone, you can expect one or two firmware upgrades before the manufacturer relegates the device to the historical archives. The consumer router market is even worse. Manufacturers do not wish to support these product offerings for very long, they want everyone to upgrade to the latest and greatest. They prod their customers in this direction by offering a few bug fixes initially and then nothing more.

At least with android there is a robust and dedicated community offering off brand firmware to keep things modern for as long as the hardware will support the new features. With a phone costing $800+ maybe that plays a part. A router that costs $200 or less after a year is considered a throw away device to everyone but the owner of the device who expected active support for much longer.


This is why I have now moved to using, and recommending Ubiquiti products, and actively recommending against using anything by TP-Link. For the price of a TP-Link router you can buy a Ubiquiti EdgeRouter X and an AC-Lite access point which is far more secure and capable than the hokey gear TP-Link push.
  0  
  0  
#131
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-12-20 02:26:11
Why WA801ND isnt in the list?
i use WA801NDv5 in client mode.
Will you make patch for WA801NDv5 or do i have to throw it?
also i have a cpe210 in repeater mode what about that?
thnks
  0  
  0  
#132
Options
Re:[Security Flaws] Severe flaws called "KRACK" are discovered in the WPA2 protocol
2017-12-20 09:55:43

bld522 wrote

I'd argue that it's in TP-Link's best interest to keep their products patched against vulnerabilities like KRACK. If enough users of its products are attacked successfully and users can trace those attacks back to TP-Link products, TP-Link might find itself in a world of hurt.

There's an old saying in my neck of the woods: An ounce of prevention is worth a pound of cure.


You would think so. However, the reality is consumer router manufacturers (not only TP-Link) by in large do not update their products for very long. When almost the entire industry follows the same modus operandi consumers don't have much choice. For years now, routers are released to the public and are quickly relegated to the legacy support directory in round-robin fashion as the next crop of routers are released.

It just isn't cost effective to rewrite firmware changes to address Krack for all of their equipment in use. More profit in getting those concerned to buy a new router. For the time being, Krack isn't a big threat and until it is, neither manufacturers or consumers will be paying much attention.
  0  
  0  
#133
Options