Reply
Posts: 3
Registered: ‎11-20-2017

Re: Patch for KRACK vulnerability WPA2?

No offense, but you have this post referenced as "Solved" and then reference, it isn't solved in the above post.

 

This is misleading and just incorrect.  You have provided a means to make the krack more difficult to execute, but haven't resolved the issue.  Instead, you indicate, if I may paraphrase; "Don't worry about it. We'll patch it automatically." What you haven't told anyone is specifically when you anticipate releasing an update.

 

Anyone in this forum has purchased your new flagship consumer product. It is your responsibility to fairly set expectations and perhaps even share advice about use of your product until patched. With all the "black Friday" and "cyber Monday" events about to decend upon us, I personally would encourage ANYONE who lives in a populated area to avoid using your home network for holiday purchases.

 

Oh, and please, we're all aware it's important to protect your organizations reputation, but claiming something has been solved when, in fact it hasn't, is more telling than simply saying "We're vulnerable and we don't have an ETA for the patch." 

Posts: 5
Registered: ‎10-18-2017

Re: Patch for KRACK vulnerability WPA2?

It appears that the post is now actually "Solved". See post on 20 Nov. https://www.linksys.com/us/support-article?articleNum=246427 According to the release notes:

 

Firmware version:	1.1.2.184933
Release date:		November 20, 2017

- Improved wired and wireless backhaul switching
- Optimized network topology through bandwidth load balancing
- Improved detection of online/offline clients
- Resolved the BlueBorne, dnsmasq and KRACK vulnerabilities
- General bug fixes

 

Thanks very much to the team at Linksys for providing the fix(es). 

Posts: 3
Registered: ‎11-22-2017

Re: Patch for KRACK vulnerability WPA2?


KTouw wrote:

It appears that the post is now actually "Solved". See post on 20 Nov. https://www.linksys.com/us/support-article?articleNum=246427 According to the release notes:

 

Thanks very much to the team at Linksys for providing the fix(es). 


If you use wired backhaul, you probably want to avoid this update.

 

https://community.linksys.com/t5/Velop-Whole-Home-Wi-Fi/Problems-with-new-firmware-1-1-2-184933/td-p...

 

mna
Posts: 4
Registered: ‎12-03-2017

Re: Patch for KRACK vulnerability WPA2?

Please create patches for router EA6400 and extender RE6500 for the KRACK - wifi vulnerability.

 

Please post any additional information for patches for these devices.  Thank you!

Posts: 5
Registered: ‎10-23-2017

Re: Patch for KRACK vulnerability WPA2?

Why does Linksys consider this "solved"?

The Firmware download page for the EA3500 still says:

EA SERIES LINKSYS SMART WI-FI FIRMWARE 

Version:  1.1.40 (Build 162464)
Latest Date:  10/27/2014
Download 18.7 MB 

 

 

Posts: 5
Registered: ‎10-18-2017

Re: Patch for KRACK vulnerability WPA2?

This chain of posts is within the Velop Whole Home Wi-Fi, and that device has been patched. People are posting in this chain for other devices which have not been patched. Perhaps it is time to start a new chain/conversation for the other devices.

 

That said, Linksys marked this as solved before the patch was posted. They may not be paying attention to this chain now that it is considered solved. Another good reason to start a new chain/conversation outside the Velop Whole Home Wi-Fi.

Posts: 5
Registered: ‎10-23-2017

Re: Patch for KRACK vulnerability WPA2?

Good points! Kudos
Posts: 3
Registered: ‎11-20-2017

Re: Patch for KRACK vulnerability WPA2?

Thanks for the post. Unfortunately, you didn't read your own link before posting.

 

The Velop is listed as an "Affected Product" but only the E7500v2 and the E8300 have updates available.

 

 

This picture taken today:

 

IMG_5838[1].PNG

 

Notice the "Up to date" on the right side of the frame.

 

Please note the firmware number is NOT what you advertized.  If you're not running a Velop, please move to the correct forum before posting information that can cause additional confusion. If you ARE using a Velop, perhaps you should look at your own device and tell everyone what it's running for firmware.

 

Look, big picture here, this exploit is something that 98% of the population won't have to worry about. Question is, do you want to volunteer to be in the 2% that is?

 

Maybe you should look closer before "thanking" the company that is leaving people vulnerable and not keeping them updated.

 

Highlighted
Posts: 2
Registered: ‎12-06-2017

Re: Patch for KRACK vulnerability WPA2?

It looks like the patch for the KRACK vulnerability was in a firmware release that was pulled.  That means this is not solved.  When can we expect a patch for this vulnerability?

Posts: 1
Registered: ‎12-15-2017

Re: Patch for KRACK vulnerability WPA2?

I have a WRT3200ACM router with the May 2017 Linksys firmware. I see "WRT3200ACM (CVE-2017-13080 and CVE-2017-13081 Group Key Handshake only" on the Linksys Security Advisories. 

 

What does this mean and what do I need to do, if anything?