RE200 v1 has not received WPA KRACK vulnerability upgrade

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

RE200 v1 has not received WPA KRACK vulnerability upgrade

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
RE200 v1 has not received WPA KRACK vulnerability upgrade
RE200 v1 has not received WPA KRACK vulnerability upgrade
2017-12-26 23:06:06
Model :

Hardware Version :

Firmware Version :

ISP :

The firmware for RE200 v1 is dated 2017-07-17, which is earlier than the KRACK WPA2 vulnerability date. I assume the device is then vulnerable.

Warranty of the device is still valid - should I return the device to shop as TP-LINK is not providing security upgrade to it?


In announcement, only RE200 v2 version is referred:
http://forum.tp-link.com/showthread.php?101094-Security-Flaws-Severe-flaws-called-quot-KRACK-quot-are-discovered-in-the-WPA2-protocol
  0      
  0      
#1
Options
11 Reply
Re:RE200 v1 has not received WPA KRACK vulnerability upgrade
2018-02-16 03:52:47
RE200 with firmware version 1.1.3 Build 20170818 Rel.58183 or earlier

Is V1 vulnerable?
  0  
  0  
#2
Options
Re:RE200 v1 has not received WPA KRACK vulnerability upgrade
2018-02-16 07:02:28
It is a miracle. I found update on this site https://www.tp-link.com/il/download/RE200_V1.html#Firmware
  0  
  0  
#3
Options
Re:RE200 v1 has not received WPA KRACK vulnerability upgrade
2018-03-13 21:41:57
Thanks didot.

Any reason why the new firmware for the RE200 shows for some countries and it does not show for others?

For example, the page for France shows the firmware version RE200(EU)_V1_171206:
https://www.tp-link.com/fr/download/RE200_V1.html#Firmware
https://static.tp-link.com/2018/201802/20180209/RE200(EU)_V1_171206.zip

While the page for the UK only shows the earlier version, before the KRACK patch (also this version is listed as obsolete on the French page):
https://www.tp-link.com/uk/download/RE200_V1.html#Firmware
https://static.tp-link.com/RE200(EU)_V1_170707.zip

Both the French and the UK site have the V1 EU version, but the UK does not show the latest.

ANY REASON WHY THE UK HAS BEEN LEFT BEHIND WITH AN UN-PATCHED FIRMWARE?
  0  
  0  
#4
Options
Re:RE200 v1 has not received WPA KRACK vulnerability upgrade
2018-03-14 15:30:58
those are good questions. I have no answers.

I also do not know why the menu to choose time zone has been taken away. Now the time is wrong. It is small bug but stupid and unnecessary
  0  
  0  
#5
Options
Re:RE200 v1 has not received WPA KRACK vulnerability upgrade
2018-03-14 15:34:43
those are good questions. I have no answers.

I also do not know why the menu to choose time zone has been taken away. Now the time is wrong. It is small bug but stupid and unnecessary
  0  
  0  
#6
Options
Re:RE200 v1 has not received WPA KRACK vulnerability upgrade
2018-03-14 15:38:26
To casaschi -- tplink is handling that. That firmware is suitable for UK users as well.
To didot --You can go to Advanced>System tools>Time settings to correct the time.
  0  
  0  
#7
Options
Re:RE200 v1 has not received WPA KRACK vulnerability upgrade
2018-03-14 17:24:59
Thanks uutommi. The UK page has been fixed now and shows the latest firmware with the KRACK patch!

Your suggestion about fixing the timezone however does not seem to apply to the latest V1 firmware. I can't see an "advanced" menu item and the "system tools" section does not have a "time settings" option. Are you by any chance referring to the V2 style interface instead?

EDIT: looking around a bit with an older version of the interface from an emulator, it seems that older firmware versions had a "choose region" step in the quick setup wizard that is not there with the latest firmware. In that "choose region" step the user could set the device location and the timezone was set accordingly. There's no way to change region afterwards other than going through the setup wizard again.
Besides using the wrong timezone, without being able to select the operating region I wonder how the device is supposed to enforce local region-based restriction and regulations (unless built-in into a firmware build specifically for each region).
  0  
  0  
#8
Options
Re:RE200 v1 has not received WPA KRACK vulnerability upgrade
2018-03-14 19:06:26

uutommi wrote

To casaschi -- tplink is handling that. That firmware is suitable for UK users as well.
To didot --You can go to Advanced>System tools>Time settings to correct the time.


To TPLINK: Removing time zone choice is stupid and unnecessary. There are more than one time-zone in EU. Also, you sell EU version hardware in other parts of the world, eg. IL.
  0  
  0  
#9
Options
Re:RE200 v1 has not received WPA KRACK vulnerability upgrade
2018-03-15 14:54:36
sorry I may have looked at the wrong interface. there is time setting for v2, not v1
but there is no function required correct time to take effect on the v1.
don't worry about the region. EU version is made to compliant with CE standard. It's OK to use it in the country where CE is recognized.
  0  
  0  
#10
Options
Re:RE200 v1 has not received WPA KRACK vulnerability upgrade
2018-03-28 03:54:08
For US/Canada V1 is still 2017-07-17... which as JiiVeeTee noted is before the KRACK vulnerability was published (and release notes don't include anything on KRACK).

Does anyone know if there will be a firmware fix? Or should we return the product for a newer one? (still under warranty).

JiiVeeTee wrote

Model :

Hardware Version :

Firmware Version :

ISP :

The firmware for RE200 v1 is dated 2017-07-17, which is earlier than the KRACK WPA2 vulnerability date. I assume the device is then vulnerable.

Warranty of the device is still valid - should I return the device to shop as TP-LINK is not providing security upgrade to it?


In announcement, only RE200 v2 version is referred:
http://forum.tp-link.com/showthread.php?101094-Security-Flaws-Severe-flaws-called-quot-KRACK-quot-are-discovered-in-the-WPA2-protocol
  0  
  0  
#11
Options