Associated CVE IDs:
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-13079
- CVE-2017-13080
- CVE-2017-13081
- CVE-2017-13082
- CVE-2017-13084
- CVE-2017-13086
- CVE-2017-13087
- CVE-2017-13088
Associated CERT/CC VU number: VU#228519
NETGEAR is aware of WPA-2 security vulnerabilities (key reinstallation attacks, known as KRACK) that affect NETGEAR products that connect to WiFi networks as clients. These vulnerabilities are potentially exploitable only under the following conditions:
- Your devices are only vulnerable to an attacker who is within wireless range of your network; the vulnerabilities cannot be exploited remotely over the internet.
- Routers and gateways are only affected when in bridge mode (which is not enabled by default and not used by most customers). A router in bridge mode acts as a WiFi client and performs the WPA-2 handshake only when it connects or reconnects to the upstream router.
- Extenders and satellites are exposed only during the WPA-2 handshake, which they perform only when connecting or reconnecting to a router.
- Mobile hotspots are only affected while using WiFi data offloading, which is not enabled by default.
If these vulnerabilities are exploited, an attacker could potentially perform the following types of attacks, among others:
- Eavesdrop on communication between the affected product and the router to which it connects.
- Hijack unencrypted web sessions (sessions not using HTTPS). Traffic that is itself encrypted end to end, such as an HTTPS banking session, remains protected by TLS, because that protection does not depend on the WiFi encryption layer.
These WPA-2 vulnerabilities affect the following products:
Orbi and Orbi Pro WiFi Systems:
- SRR60 running firmware versions 1.12.1.28 or earlier
- SRS60 running firmware versions 1.12.1.28 or earlier
Routers and Gateways (when used in bridge mode):
- D7800 running firmware versions 1.0.1.28 or earlier
- D8500 running firmware versions 1.0.3.29 or earlier
- R6100 running firmware versions 1.0.1.16 or earlier (End of Support)
- R6250 running firmware versions 1.0.4.14 or earlier
- R6300v2 running firmware versions 1.0.4.12 or earlier
- R6400 running firmware versions 1.0.1.26 or earlier
- R6400v2 running firmware versions 1.0.2.44 or earlier
- R6700 running firmware versions 1.0.1.36 or earlier
- R6700v2 running firmware versions 1.2.0.8 or earlier
- R6700v3 running firmware versions 1.0.2.48 or earlier
- R6800 running firmware versions 1.2.0.8 or earlier
- R6900 running firmware versions 1.0.1.34 or earlier
- R6900v2 running firmware versions 1.2.0.8 or earlier
- R6900P running firmware versions 1.3.0.8 or earlier
- R7000 running firmware versions 1.0.9.18 or earlier
- R7000P running firmware versions 1.2.0.8 or earlier
- R7100LG running firmware versions 1.0.0.34 or earlier
- R7300DST running firmware versions 1.0.0.60 or earlier
- R7500 running firmware versions 1.0.0.110 or earlier (End of Support)
- R7500v2 running firmware versions 1.0.3.20 or earlier
- R7800 running firmware versions 1.0.2.38 or earlier
- R7900P running firmware versions 1.3.0.8 or earlier
- R8000P running firmware versions 1.3.0.8 or earlier
- R8300 running firmware versions 1.0.2.106 or earlier
- R8500 running firmware versions 1.0.2.106 or earlier
- R8900 running firmware versions 1.0.2.40 or earlier
- R9000 running firmware versions 1.0.2.40 or earlier
- WNDR4300v2 running firmware versions 1.0.0.50 or earlier
- WNDR4500v3 running firmware versions 1.0.0.50 or earlier
WiFi Range Extenders:
- EX2700 running firmware versions 1.0.1.28 or earlier
- EX3110 running firmware versions 1.0.0.44 or earlier
- EX3700 running firmware versions 1.0.0.70 or earlier
- EX3800 running firmware versions 1.0.0.70 or earlier
- EX6000 running firmware versions 1.0.0.28 or earlier
- EX6100v1 running firmware versions 1.0.2.18 or earlier
- EX6100v2 running firmware versions 1.0.1.54 or earlier
- EX6110 running firmware versions 1.0.0.44 or earlier
- EX6120 running firmware versions 1.0.0.40 or earlier
- EX6130 running firmware versions 1.0.0.16 or earlier
- EX6150v1 running firmware versions 1.0.0.34 or earlier
- EX6150v2 running firmware versions 1.0.1.54 or earlier
- EX6200v1 running firmware versions 1.0.3.82 or earlier
- EX6200v2 running firmware versions 1.0.1.50 or earlier
- EX6400 running firmware versions 1.0.1.72 or earlier
- EX7000 running firmware versions 1.0.1.58 or earlier
- EX7300 running firmware versions 1.0.0.68 or earlier
- EX8000 running firmware versions 1.0.0.102 or earlier
- PR2000 running firmware versions 1.0.0.18 or earlier
- WN2000RPTv3 running firmware versions 1.0.1.8 or earlier
- WN2500RPv2 running firmware versions 1.0.1.46 or earlier
- WN3000RPv2 running firmware versions 1.0.0.52 or earlier
- WN3000RPv3 running firmware versions 1.0.2.32 or earlier
- WN3100RPv2 running firmware versions 1.0.0.42 or earlier
WiFi Adapters:
- A6100 running firmware versions 1.0.0.32 or earlier
- A6210 running firmware versions 1.0.0.36 or earlier
- A7000 running firmware versions 1.0.0.11 or earlier (Windows)
- A7000 running firmware versions 1.0.0.8 or earlier (Mac)
- WNA3100M running firmware versions 1.2.0.7 or earlier
- WNDA3100v3 running firmware versions 1.0.0.10 or earlier
Mobile Hotspots:
- AC810 running firmware versions NTG9X40C_11.14.08.31 or earlier
- AC815 running firmware versions NTG9X40C_11.14.08.31 or earlier
USB Modem:
- DC112A running firmware versions 1.0.0.30 or earlier
Wireless Access Points:
- WAC104 running firmware versions prior to 1.0.4.9
- WAC120 running firmware versions prior to 2.1.5
- WAC505 running firmware versions prior to 1.5.3.7
- WAC510 running firmware versions prior to 1.5.3.7
- WAC720 running firmware versions prior to 3.7.12.0
- WAC730 running firmware versions prior to 3.7.12.0
- WAC740, controller managed only
- WN370, controller managed only
- WN604 running firmware versions prior to 3.3.8
- WNAP210v2 running firmware versions prior to 3.7.7.0
- WNAP320 running firmware versions prior to 3.7.7.0
- WND930 running firmware versions prior to 2.1.3
- WNDAP350 running firmware versions prior to 3.7.7.0
- WNDAP360 running firmware versions prior to 3.7.7.0
- WNDAP380R, controller managed only
- WNDAP620 running firmware versions prior to 2.1.4
- WNDAP660 running firmware versions prior to 3.7.7.0
NETGEAR has released firmware updates that fix the WPA-2 vulnerabilities for all affected products except the R6100 and R7500, which are outside the security support period.
For Orbi products, firmware updates are sent to your devices automatically. You do not need to update your firmware manually.
For standalone access points, update your access point’s firmware. For controller-managed access points, update your wireless controller’s firmware.
The wireless controllers themselves are not affected by the vulnerability because wireless clients do not connect directly to the controller. However, you must update the wireless controller firmware so that the controller can update the access points that it is managing. NETGEAR has addressed the WPA-2 vulnerabilities in the latest firmware for the following wireless controller models:
- WC7500, firmware version 6.5.3.2
- WC7520, firmware version 2.5.0.45
- WC7600v1, firmware version 6.5.3.2
- WC7600v2, firmware version 6.5.3.2
- WC9500, firmware version 6.5.3.2
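The affected-products list above and the controller list use three different kinds of bound: "X or earlier" (the listed version is itself affected), "prior to X" (the listed version is the first fixed one), and a controller's fixed-in version (anything older is unfixed). The following Python checker is an added example, not part of NETGEAR's advisory or of any NETGEAR tool: it parses a constructed sample of those entry lines, then compares an installed version numerically field by field, so that 1.0.10.2 is correctly treated as newer than 1.0.9.18 (a plain string comparison would get that wrong). The sample entries, the "(Windows)"/"(Mac)" model keys used for the two A7000 driver builds, and the function names are this example's own assumptions.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[str, Tuple[int, ...]]

# Constructed sample covering the advisory's entry styles; a real inventory check
# would feed the full affected-products and controller lists through the same parser.
SAMPLE_ENTRIES = """
- R7000 running firmware versions 1.0.9.18 or earlier
- R6100 running firmware versions 1.0.1.16 or earlier (End of Support)
- A7000 running firmware versions 1.0.0.11 or earlier (Windows)
- A7000 running firmware versions 1.0.0.8 or earlier (Mac)
- AC810 running firmware versions NTG9X40C_11.14.08.31 or earlier
- WAC104 running firmware versions prior to 1.0.4.9
- WAC740, controller managed only
- WC7500, firmware version 6.5.3.2
"""


def parse_version(text: str) -> Version:
    """'NTG9X40C_11.14.08.31' -> ('NTG9X40C', (11, 14, 8, 31)); '1.0.9.18' -> ('', (1, 0, 9, 18)).

    Comparing integer tuples avoids the string-order trap where '1.0.10.2' < '1.0.9.18'.
    """
    prefix, _, dotted = text.rpartition("_")
    return prefix, tuple(int(part) for part in dotted.split("."))


# (pattern, installed version EQUAL to the bound is still affected?)
PATTERNS = (
    (re.compile(r"^(?P<model>\S+) running firmware versions prior to (?P<ver>\S+)"), False),
    (re.compile(r"^(?P<model>\S+) running firmware versions (?P<ver>\S+) or earlier"), True),
    (re.compile(r"^(?P<model>\S+), firmware version (?P<ver>\S+)"), False),  # controller fixed-in version
)
MANAGED_RE = re.compile(r"^(?P<model>\S+), controller managed only")
NOTE_RE = re.compile(r"\((?P<note>[^)]*)\)\s*$")


def parse_entry(line: str) -> Optional[Tuple[str, Optional[Version], bool]]:
    """Return (model key, bound, inclusive); bound is None for controller-managed APs."""
    line = line.strip().lstrip("- ").strip()
    if not line:
        return None
    note = NOTE_RE.search(line)
    for regex, inclusive in PATTERNS:
        m = regex.match(line)
        if m:
            key = m["model"]
            # Assumed convention: platform-specific driver builds get their own key.
            if note and note["note"] in ("Windows", "Mac"):
                key = f"{key} ({note['note']})"
            return key, parse_version(m["ver"]), inclusive
    m = MANAGED_RE.match(line)
    return (m["model"], None, False) if m else None


def build_table(text: str) -> Dict[str, Tuple[Optional[Version], bool]]:
    table: Dict[str, Tuple[Optional[Version], bool]] = {}
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed:
            key, bound, inclusive = parsed
            table[key] = (bound, inclusive)
    return table


def is_affected(model: str, installed: str, table: Dict[str, Tuple[Optional[Version], bool]]) -> Optional[bool]:
    """True/False for a listed model with a version bound; None if the model is not listed
    or is controller managed (for those, check the controller's own firmware entry instead)."""
    entry = table.get(model)
    if entry is None or entry[0] is None:
        return None
    (bound_prefix, bound), inclusive = entry
    have_prefix, have = parse_version(installed)
    if have_prefix != bound_prefix:
        raise ValueError(f"{model}: build prefix {have_prefix!r} does not match advisory {bound_prefix!r}")
    return have <= bound if inclusive else have < bound


TABLE = build_table(SAMPLE_ENTRIES)

if __name__ == "__main__":
    checks = (("R7000", "1.0.9.18"), ("R7000", "1.0.10.2"), ("WAC104", "1.0.4.9"),
              ("AC810", "NTG9X40C_11.14.08.31"), ("WC7500", "6.5.2.3"), ("WAC740", "1.0.0.0"))
    for model, ver in checks:
        print(f"{model:8} {ver:24} affected={is_affected(model, ver, TABLE)}")
```

A mismatched build prefix (for example an AC810 version reported without the NTG9X40C_ part) raises instead of silently comparing numbers from different build trains; that is deliberate, since a wrong "not affected" answer is the costly outcome here.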
To download the latest firmware for your NETGEAR product:
- Visit NETGEAR Support.
- Start typing your model number in the search box, then select your model from the drop-down menu as soon as it appears.
If you do not see a drop-down menu, make sure that you entered your model number correctly, or select a product category to browse for your product model.
- Click Downloads.
- Under Current Versions, select the download whose title begins with Firmware Version.
- Click Download.
- (Optional) To view the release notes for this firmware version, click Release Notes.
- Unzip the new firmware to an easy-to-find location, such as your desktop.
- Follow the firmware upgrade instructions in your product’s user manual, which is available on your product’s support page under User Guides and Documentation.
NETGEAR strongly recommends that you download the latest firmware as soon as possible.
Disclaimer
This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document or materials linked from the document is at your own risk. NETGEAR reserves the right to change or update this document at any time. NETGEAR expects to update this document as new information becomes available.
The WPA-2 vulnerabilities remain if you do not complete all recommended steps. NETGEAR is not responsible for any consequences that could have been avoided by following the recommendations in this notification.
Acknowledgements
Mathy Vanhoef (https://www.krackattacks.com/)
Common Vulnerability Scoring System
CVSS v3 Rating: Medium
CVSS v3 Score: 6.8
CVSS v3 Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Contact
We appreciate and value having security concerns brought to our attention. NETGEAR constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at NETGEAR.
It is NETGEAR's mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use NETGEAR products for their connectivity.
To report a security vulnerability, visit http://www.netgear.com/about/security/.
If you are a NETGEAR customer with a security-related support concern, you can contact NETGEAR customer support at techsupport.security@netgear.com.
Revision History
2017-10-16: Published advisory
2017-10-16: Edited description of vulnerability for clarity
2017-10-16: Updated list of affected products
2017-10-25: Added WAC104 to the list of fixed products
2017-11-03:
- Added SRS60 to the list of affected products
- Added the following CVE IDs:
  - CVE-2017-13084
  - CVE-2017-13086
  - CVE-2017-13087
  - CVE-2017-13088
2017-11-17:
- Added R6900, WAC740, WN370, and WNDAP380R to the list of affected products
- Added WAC740, WN370, and WNDAP380R to the list of fixed products
- Added an explanation of the procedure for updating controller-managed access points
2017-11-21:
- Added SRR60 to the list of affected products
- Added security hotfixes and download instructions for SRR60 and SRS60 (Orbi Pro)
- Mentioned KRACK attacks by name
2017-12-19: Added the following 28 products to the list of fixed products: EX2700, EX3110, EX3700, EX3800, EX6000, EX6100, EX6100v2, EX6110, EX6120, EX6130, EX6150v1, EX6150v2, EX6200, EX6200v2, EX6400, EX7000, EX7300, EX8000, R6100, R6250, R6300v2, R6400, R7800, R8900, R9000, WN2000RPTv3, WN3000RPv3, WN3100RPv2
2018-01-26: Added PR2000 to the list of fixed products
2018-06-29:
- Removed all mentions of Arlo products and moved the Arlo vulnerabilities to a separate advisory
- Removed the Arlo PSV (PSV-2017-2837) from the advisory title
- Corrected the listed firmware version for WC7500, WC7600v1, WC7600v2, and WC9500 from 6.5.2.3 to 6.5.3.2
- Added a new paragraph to the disclaimer section
2018-09-28:
- Added a statement that all affected models are fixed
- Removed the list of fixed models
- Removed the workarounds section because all models are now fixed
- Removed the security hotfixes section because all models are now fixed
- Removed the statement that NETGEAR plans to update the advisory when we have more information
2020-03-04:
- Added R6700v3 to the list of affected models
2020-05-26:
- Updated firmware version information for the following products: A7000, EX2700, EX3700, EX3800, EX6000, EX6100v1, EX6100v2, EX6120, EX6150v1, EX6150v2, EX6200v1, EX6400, EX7000, EX7300, R6700v2, R6700v3, R6800, R6900, R7000, R7500v2, R7800, WN2000RPTv3, WN3100RPv2, AC810, and AC815
- Added the following to the list of affected products: EX3110, EX6110, EX8000, WN2500RPv2, WN3000RPv2, R6300v2, R6400, R6400v2, R6700, R6900P, R6900v2, R7000P, R7100LG, R7300, R7900P, R8000P, R8900, WNDR4300v2, WNDR4500v3, D7800, D8500, and DC112A.
- Removed the following from the list of affected products: JR6150, R6020, R6050, R6080, R6120, R6220, RBS40, RBS50, RBW30, and MR1100
- Added a list of affected products that are outside the security support period
Last Updated: 05/26/2020
Article ID: 000049498