WPA2 Security (KRACKs) Vulnerability Statement Follow

WPA2 Security (KRACKs) Vulnerability Statement

 

Description

Edgecore Networks is aware of vulnerability in the WPA2 security protocol that will affect some Edgecore Wi-Fi products.  An attacker within wireless range of a Wi-Fi network can exploit these vulnerabilities using key re-installation attacks (KRACKs). According to the research paper, the vulnerability attack targets the 4-way/group key/peer-key handshake in Wi-Fi client, and 802.11r Fast BSS Transition (FT) in Access Point.  All vulnerabilities can be fixed through software update since the issues are related to protocol handling implementation. 

More information about KRACKs can be found through the link: https://www.krackattacks.com/

 

Some of Edgecore's Access Points support WDS (Wireless Distribution System) for the backhaul connection, may be affected by key handshaking; however, some Wi-Fi Access Points, which do not support WDS, will not be affected. 

 

WPA-2 vulnerabilities will not affect the following products because those models do not support WDS.

ECW7220-L

ECW7220-L EU

ECW7220-L TR

SMC2890W-AG

SMC2891W-AG

 

For WPA-2 vulnerabilities affected products, Edgecore Networks engineering team are working on the software upgrade to fix the issues with the following estimated schedule.

 

End of November 

SMC2890W-AN

SMC2891W-AN

 

ECW5110

ECW5212

ECW5320

ECWO5110

ECWO5320

 

Before the availability of the new fixed software, we strongly recommend users to turn off WDS modes if you turn on the mode.  WDS mode is defaulted "off" when the product delivered from the factory.

 

Please refer to the following link to FAQ : How to turn off WDS mode?