
TOTOLINK in 2017 WPA2 Security (KRACKs) Vulnerability Statement

  • 2017-10-25

    Description

    TOTOLINK is aware of vulnerabilities in the WPA2 security protocol that affect some TOTOLINK products. An attacker within wireless range of a Wi-Fi network can exploit these vulnerabilities using key reinstallation attacks (KRACKs). According to the research paper on KRACKs by Mathy Vanhoef that brought this vulnerability to the attention of vendors, the attack targets the WPA2 handshake and does not exploit access points, but instead targets clients. All vulnerabilities can be fixed through software updates since the issues are related to implementation flaws.

     

    TOTOLINK has been working to solve this problem and will continue to post software updates at www.totolink.net/sub/support/download/index.asp. Products with TOTOLINK Cloud enabled will receive update notifications in the web management interface, Tether App or Deco App automatically.

     

    More information about KRACK can be found through the link https://www.krackattacks.com.

    Conditions under which devices are vulnerable

    Physical proximity

    An attack can only happen when an attacker is in physical proximity to and within wireless range of your network.

    Time window

    An attack can only happen when a client is connecting or reconnecting to a Wi-Fi network.

    Unaffected TOTOLINK products

    Routers and gateways

    When working in their default mode (Router Mode) and AP Mode

     

    Range extenders

    When working in AP Mode

    Affected TOTOLINK products

    Routers

    When working in Repeater Mode, WISP Mode, or Client Mode

    Model         Version         Release date
    A3002RU       V1.0.8          2017/10/09 or earlier
    A702R         V1.1.0          2017/05/25 or earlier
    A850R         V1.1.4          2017/05/26 or earlier
    N200RE V3     V3.1.4          2017/09/25 or earlier
    N200RE V2     V2.4.6          2016/11/10 or earlier
    N100RE V3     V3.1.2          2017/09/25 or earlier
    N100RE V3     V2.4.6          2016/11/10 or earlier
    N300RT        V2.2.0          2017/05/25 or earlier
    N150RT        V2.2.0-         2017/05/26 or earlier
    N302R+        V3.1.4          2017/05/25 or earlier
    N301RT        V3.0.2          2017/07/04 or earlier
    N300RH V3     V3.1.4          2017/06/20 or earlier
    N300RH V2     V2.2.0          2016/11/11 or earlier
    N150RH V3     V3.0.0          2017/04/19 or earlier
    F2            V2.2.0          2016/10/29 or earlier
    F1            V2.2.0          2016/10/29 or earlier
    A3000RU       V5.9c.680       2017/09/13 or earlier
    A950RG        V5.9c.680       2017/09/13 or earlier
    A800R         V5.9c.680-      2017/09/13 or earlier
    T10           V5.9c.466       2017/09/28 or earlier
    N600R         V5.3c.5291      2017/09/11 or earlier
    A6004NS       10_012          2017/09/11 or earlier
    A5004NS       9_74            2015/07/24 or earlier
    A2004NS V1    9_962           2016/12/27 or earlier
    A1004         9_74            2015/07/24 or earlier
    A3            9_990           2017/03/11 or earlier
    N300RB        9_74            2015/07/24 or earlier
    N302R+ V2     9_76            2015/07/24 or earlier

     

    Range Extender

    When working in Repeater Mode during a WPA2 handshake that is initiated only when connecting or reconnecting to a router:

    Model         Version         Release date
    EX1200        V5.7c.2662      2017/09/21 or earlier
    EX200         V5.2.3C.5431    2017/10/18 or earlier
    EX200U        V1.1.109        2017/08/25 or earlier
    EX100         V1.0.379        2017/02/08 or earlier
    EX302         V5.0            2015/10/15 or earlier
    EX1200M       10_012          2017/10/10 or earlier
    EX750         9_74            2015/07/24 or earlier
    EX300         9_74            2015/07/24 or earlier

     

    Wireless Adapters

      • TOTOLINK A1900PE
      • TOTOLINK A1200PE
      • TOTOLINK N300PC
      • TOTOLINK N300PE
      • TOTOLINK N150PE

     

    Wireless CPE

    Model         Version         Release date
    CP900         V6.2c.361       2017/09/21 or earlier
    CP300         V2.0.2          2017/05/10 or earlier
    CP150         V1.2            2017/09/21 or earlier

    How to protect your device

    Until a software update is available to eliminate the vulnerability for your product, it is recommended to take the following precautions:

     

    For wireless routers
     • Make sure that your routers are working in Router Mode or AP Mode.
     • We recommend that you patch the operating systems of your smartphones, tablets, and computers.

    For wireless adapters
     • We recommend that you patch the operating systems of your computers. Microsoft has fixed these issues in its security updates, as described at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080.

    TOTOLINK has been working on affected models and will release firmware in the next few weeks on our official website.

    Associated CVE identifiers
    The following Common Vulnerabilities and Exposures (CVE) identifiers have been assigned to track which products are affected by specific types of key reinstallation attacks:

    CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake

    CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake

    CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake

    CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake

    CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake

    CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it

    CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake

    CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake

    CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

    CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

    Disclaimer
    WPA2 vulnerabilities will remain if you do not take all recommended actions. TOTOLINK will not bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.
