Equally many people accept read or will before long read, there is a vulnerability in the WPA2 wireless protocol called
Krack
that could allow attackers to eavesdrop on wireless connections and inject information into the wireless stream in order to install malware or modify web pages.

To protect yourself, many WiFi production vendors volition be releasing updated firmware and drivers for their products. It is strongly suggested that users update their hardware equally soon as a update is available in order to protect themselves. This includes router firmware and wireless network card drivers.

To help with this, I have created a listing of known information regarding various WiFi vendors and whether new drivers are available. Equally this vulnerability is fairly new, there is little data available, I advise y’all to check this folio throughout the coming days to encounter if new information is bachelor. This page includes information resulting from contacting of vendors,
CERT’s informative folio, and other sources.

Last Updated:
ten/20/17 14:35 EST

Companies with available information:

ADTRAN

ADTRAN
posted in their forums
that they are performing an investigation and will send out a security notice to all signed up users with details. A security advisory was sent out on 10/18/17 to customers that basically reiterates the same information.

Aerohive Networks

Aerohive has released an
advisory
explaining nether what circumstances their products are vulnerable to KRACK. They also included information on what HiveOS upgrades mitigate this attack,

Arch Linux

Arch has pushed out updates for wpa_supplicant and hostapd. Patches tin be found
here
and
here.

Amazon

An Amazon Spokesperson responded to our inquiry with “We are in the process of reviewing which of our devices may incorporate this vulnerability and will exist issuing patches where needed.“.

Apple

Today, October 31st, Apple has released updates for all of their core operating systems that included fixes for the KRACK vulns.

Aruba Networks

Patch data can be institute
here &hither. AFAQ
was posted as well.

Arris

An Arris spokesperson told BleepingComputer:

ARRIS is committed to the security of our devices and safeguarding the millions of subscribers who utilise them. The KRACK flaw affects the WPA2 protocol itself and is not specific to whatever device or manufacturer. There is no electric current evidence of malicious exploits.

ARRIS is evaluating our total Wi-Fi portfolio and will release whatever required firmware updates as chop-chop as possible.

Asus

Asus has
released information
(run into bottom of the page) and working with chipset suppliers to patch the vulns and volition release an update as soon every bit its ready.

AVM

AVM has a
advisory
posted regarding the KRACK vuln. According to AVM “FRITZ!Boxes on broadband connections are currently non affected past the wireless security breach known as “Krack”, as such access points do non employ the afflicted 802.11r standard.”. They also do not seem to exist happy regarding the manner the disclosure was handled.

Barracuda Networks

Barracuda posted an
advisory
that lists affected products and contains links on hotfixes to resolve the KRACK vulns.

Belkin, Linksys, and Wemo

BleepingComputer received a response from Belkin that states:

“Belkin Linksys, and Wemo are aware of the WPA vulnerability.  Our security teams are verifying details and we will advise accordingly.  Too know that we are committed to putting the customer first and are planning to post instructions on our security advisory folio on what customers tin can practice to update their products, if and when required.”

Cisco

Cisco has released an
informational
that discusses the vulnerability in relation to their product and a list of products that are vulnerable. Cisco has stated that IOS and commuter updates are being developed and volition be released. Cisco product users are advised to check the advisory oftentimes for future updates.

Read:  Nexus 5x Firmware Update Do Not Unplug

DD-WRT

A beta version of DD-WRT is on their
FTP Site. At the time of this writing, the latest firmware is in a folder namedx-17-2017-r33525.

Debian

Debian posted an
advisory to the Debian Security Announce mailing list with information on updates that resolve the Krack vulnerability.

Dell

Dell has posted an
informational
that lists all products that are NOT affected by the KRACK vulns.  More than information near afflicted products will be added to the advisory before long.

D-Link

D-Link has posted an
informational
stating that they are waiting for patches from the chipset manufacturers. They further accurately country that “For consumers users, your priority should be updating devices such every bit laptops and smartphones.”.

DrayTek

DrayTek has posted an
informational
detailing what products are affected by KRACK and stating that updates will exist available adjacent week.

Edimax

Edimax posted an
informational stating:

This vulnerability will require collaborative firmware patches from relevant manufacturers. Edimax is requesting assist from them and is working diligently for the firmware fix. Information technology will be published on Edimax website every bit before long as it becomes available.

eero

eero released an
advisory
that states that they take rolled out eeroOS version 3.5, which mitigates the KRACK vulns.

EnGenius

EnGenius has posted an
advisory
with some information near the set on. I was told past an EnGenius spokesperson that they are “working on security patches and will release updates to its firmware by the end of October”.

Espressif

Espressif has released updates forESP-IDF,ESP8266 RTOS SDK, &ESP8266 NONOS SDK
on their
Github page.

Extreme Networks

Extreme Networks released an
advisory
and stated hotfixes for the KRACK vulns will be released starting on October 20th.

F5 Networks

According to a released
advisory, F5 Networks products are not affected past KRACK.

Fedora

Fedora has aFedora 25 update available for testing. The
Fedora 26 and
Fedora 27
udpates are pending to be added to the Stable release.

FreeBSD

Co-ordinate to CERT, FreeBSD is aware of the vulnerability and users should either join their
FreeBSD-Announce mailing listing
or monitor their
Security Information page.

Fortinet

Co-ordinate to
this document, the FortiAP 5.half dozen.1 release stock-still the KRACK vulns.

Google

Android 6.0 and college are currently vulnerable to this attack. When BleepingComputer contacted Google, their statement was “We’re aware of the issue, and we will be patching whatever affected devices in the coming weeks”. No data is available as of yet regarding Google WiFi.

Intel

Intel has released an
advisory, which includes links to updated drivers.

Kisslink

Kisslink has told BleepingComputer that as their products are protected via their Promximity applied science and thus are non using WPA2 or affected by its bugs.

Read:  Update Firmware on an Unmanaged Cisco Sg100

Lede

Updated packages for hostapd-common – 2016-12-19-ad02e79d-5, wpad – 2016-12-19-ad02e79d-v, and wpad-mini – 2016-12-19-ad02e79d-five are available on Ledge. Yous can check for update availability via theopkg list-upgradable command and upgrade usingopkg updatecontrol.

Update ten/18/17:
LEDE
released
the 17.01.4 service release to resolve the KRACK bugs and other issues.

LineageOS

LineageOS has had
patches
merged to prevent the Krak vulns.

Linux

According to the vulnerability release, “Our attack is peculiarly catastrophic against version 2.four and above of wpa_supplicant, a Wi-Fi client commonly used on Linux.“. Patches can be found
here.

Meraki

Updates have been released for Cisco Meraki that resolve the KRACK vuln. More info can be establish in this advisory:802.11r Vulnerability (CVE: 2017-13082) FAQ.

Microchip Technology

Microchip has posted anadvisory
with available updates.

Microsoft

Microsoft quietly
fixed the KRACK vulns in the October tenth Patch Tuesday.

MikroTik

According
to MikroTik: “RouterOS v6.39.3, v6.40.4, v6.41rc are not affected! AP mode devices are not affected. All implemented fixes refer only to station and WDS modes.“. They further stated that firmware versions were released last week to set this vulnerability.

Netgear

Netgear has released an
informational
that contains a list of products afflicted by KRACK and associated updates.

Nest

Stated that patches will be rolled out next week. These will autoupdate and will not crave user intervention.

OpenBSD

OpenBSD was provided a patch that was used to silently update and prepare this vulnerability. More information can be read
here and
here.

Open up-Mesh & CloudTrax

An
advisory
was posted for Open-Mesh & CloudTrax regarding the Krack vuln. An update is expected to be delivered to all of those that employ automated updates by the cease over October 17th. More info at the informational.

Peplink

Peplink has issued an
advisory stating that users of the Wi-Fi equally WAN functionality are vulnerable to this attack. To temporarily gear up this upshot, users can disable this characteristic and wait for an updated firmware to be released.

pfSense

pfSense, which is based off of FreeBSD, has opened an
event
to import FreeBSD’s fix.

Qualcomm

A Qualcomm spokesperson has told BleepingComputer:

“Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies, Inc. (QTI). We take been working with industry partners to identify and address all implementations of the open source security issue involving WPA packet number reuse within Qualcomm-powered products. Patches for these problems are available at present
on the
Code Aurora Forum
and through other distribution channels, with additional patches posted equally shortly as they are verified through our quality assurance process”

Red Hat

Red Hat has generated an
advisory
regarding the vulnerability in wpa_supplicant. No further information bachelor.

Raspberry Pi

As this uses wpa_supplicant, you demand to update to the latest packages. Usesudo apt update
followed bysudo apt upgradeto install a patched wpa_supplicant.

Ruckus Wireless

Ruckus Wireless has posted a
security informational that states that disabling 802.11r volition mitigate CVE-2017-13082. Security patches for affected devices volition be released as soon as they become bachelor.

Sierra Wireless

Sierra Wireless posted a technical bulletin on affected products and remediation plans. Link from
CERT.

Sonicwall

Sonicwall has released an
advisory
that states that they are not vulnerable:

SonicWall Capture Labs has evaluated these vulnerabilities and determined that our SonicPoint and SonicWave wireless access points, every bit well equally our TZ and SOHO Wireless firewalls, are non vulnerable to the flaws in WPA2.

Read:  Cubex Duo Firmware Version to Run Kisslicer

SonicWall is working on a solution to provide an additional layer of protection for SonicWall customers that will block these man-in-the-eye attacks even from vulnerable unpatched clients. This will be delivered in a future SonicOS update.

Sophos

Sophos has released an
informational
stating that the Sophos UTM Wireless, Sophos Firewall Wireless, Sophos Central Wireless, and Cyberoam  Wireless products are affected by the Krack vulnerability.  Updates for these products will exist released soon.

Synology

Synology posted an
advisory
that indicates Synology DiskStation Managing director (DSM) with attached WiFi dongle and Synology Router Manager (SRM) are vulnerable to Krack. According to Synology, updates for affected products will be released shortly.

Tanaza

Tanaza has reached out to BleepingComputer to advise that their v2.15.ii firmware contains a patch for KRACK.

Toshiba

According to CERT, Toshiba’south SureMark 4610 Printer (Models 1NR, 2CR, 2NR) with Wireless Lan Adapter &
Canvio AeroMobile Wireless SSD
product are affected. Toshiba will be contacting owners and business partners directly in regards to the printer and a firmware update volition be released for the wireless SSD menu.

TP-Link

When I contacted TP-Link tech support, I was told “Our seniors are keeping an eye on this consequence. Currently nosotros haven’t received any feedback that TP-Link product is afflicted by that. We will offer an update on our official website once nosotros have whatsoever new info.

On October 18, TP-Link issued the following
argument
with details on affected products.

Turris Omnia

Turris, which uses OpenWRT,
posted in their forums
that a
patch
was added to their repository that they are going to examination and release a fix. Hopefully, this volition lead to OpenWRT releasing an update soon as well.

Ubiquiti (UniFi, AmpliFi,  airMax)

Ubiquiti accept posted an
advisory
that provides details on what UniFi, AmpliFi, and airMax products are affected by the KRACK vulnerability. This advisory also provides links to the updates that resolve this attack.

It should be noted that the 802.11r (Fast Roaming) beta feature is withal vulnerable and information technology is brash that information technology exist disabled until a future update resolves the issue.

Ubuntu

Ubuntu has released an
advisory
with information on how to update wpa_supplicant and hostapd in order to resolve this vulnerability.

WatchGuard

WatchGuard has issued an
advisory
outlining when updates are going to exist available for their various products and services.

WiFi Alliance Announcement

The WiFi Alliance released an
declaration
regarding the KRACK vulns, what products are affected, and how to mitigate the issues. New version of Xirrus AOS volition be released by October 30th 2017.

Xirrus/Riverbed

Xirrus/Riverbed have posted an
advisory

Zyxel

Zyxel has created a
page
that details what products are affected. While they are working to fix the vulnerability, there are no updated drivers and firmware bachelor.

Companies claimed to be not affected by Krack:

Arista Networks, Inc.
Lenovo
Vmware

Companies with no available data:

3com Inc
Actiontec
Alcatel-Lucent
AsusTek Reckoner Inc.
Atheros Communications, Inc.
Broadcom
CentOS
EMC Corporation
Extreme Networks
F5 Networks, Inc.
Foundry Brocade
Hewlett Packard Enterprise
IBM, INC.
Kyocera Communications
Marvell Semiconductor
MediaTek