• Home
  • router
  • WPA2 vulnerability, Summary of response status of major wireless LAN vendors
02 Apr, 2023

WPA2 vulnerability, Summary of response status of major wireless LAN vendors

This is a summary of the response status of domestic wireless LAN vendors against the security vulnerability "KRACKs (Key Reinstallation Attacks)" in the Wi-Fi encryption technology "WPA2".

KRACKs is a vulnerability in the handshake process when connecting to an access point in WPA2, which is used in a wide range of wireless LAN devices. You can fix it by updating.

Buffalo, IO Data Equipment, NEC Platforms, and Elecom each have their own websites for support information. We are investigating the affected products, and recommend updating the affected products to the countermeasure firmware that will be released in the future.

Netgear Japan has already distributed vulnerability countermeasure firmware for some products, and is currently developing other products, and will provide them sequentially.

I-O, Netgear, and Elecom exclude vulnerabilities from router mode and access point mode operations. On the other hand, Buffalo says, "It will affect the use of relay functions (WB, WDS, etc.) with child devices and repeater products that support WPA2, as well as with parent device products."

Netgear says it is vulnerable when its products are used in bridge mode. Extenders, Arlo series cameras, and Orbi satellites are also affected when connecting to a router.

Elecom also says that it will be affected when using it in repeater or child mode, or when connecting a repeater, network camera, or wireless LAN adapter child device to a router (parent device).

WPA2 vulnerability, major wireless LAN vendors

TP-Link also published information about products affected by the vulnerability. Wireless LAN repeaters, wireless LAN slave devices and "Deco M5", wireless LAN routers "TL-WR940N" and "TL-WR802N" operating in repeater mode, hotspot mode, and client mode are affected. receive.

Regarding the provision of product firmware, in addition to being released on the company's support page in sequence, for "TP-Link Cloud" compatible devices, the management screen of each product and smartphone applications such as "Tether" and "Deco" can be updated. You will be notified.

Yamaha has said that the "WLX402" wireless LAN access point product is affected by the vulnerability, and is currently developing countermeasure firmware. In addition, "WLX302" and "WLX202" are under investigation.

In addition, Synology has already distributed countermeasure firmware for the domestically sold wireless LAN router "RT2600c" and NAS products equipped with wireless LAN slave devices.

In addition, Cisco also publishes support information about vulnerabilities on its website in English.

[Article added October 20, 18:30]

Planex Communications also announced on the 19th about its response to the vulnerability. Wireless LAN parent/child devices are covered, but router products used in router mode/AP mode are not covered.

Also, ASUSTeK has updated the security advisory web page. We are aware of the existence of the vulnerability and are working to solve it, such as developing countermeasure firmware.

Furthermore, I-O, Buffalo, and NEC Platforms updated their support pages about vulnerabilities on the 19th and 20th one after another, and some of the products that are or are not subject to the vulnerability details have been published.

Prev Next