Netgear/Support - Security Advisory for WPA-2 Vulnerabilities

Vulnerability Note VU#228519

• CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
• CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
• CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
• CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
• CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
• CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request

and reinstalling the pairwise encryption key (PTK-TK) while processing it.

• CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
• CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key

in the TDLS handshake.

• CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network

Management (WNM) Sleep Mode Response frame.

• CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless

Network Management (WNM) Sleep Mode Response frame.

Security Advisory for WPA-2 Vulnerabilities

Associated CVE IDs:

• CVE-2017-13077
• CVE-2017-13078
• CVE-2017-13079
• CVE-2017-13080
• CVE-2017-13081
• CVE-2017-13082

These WPA-2 vulnerabilities affect the following products:

Orbi WiFi Systems:

• Netgear Orbi Satellite (RBS50) running firmware version 2.0.0.74 or earlier
• Netgear Orbi Satellite (RBS40) running firmware version 2.0.0.56 or earlier
• Netgear Orbi Wall Plug Satellite (RBW30) running firmware version 2.0.0.34 or earlier

WiFi Adapters:

• Netgear A6100 running firmware version 1.0.0.32 or earlier
• Netgear A6210 running firmware version 1.0.0.36 or earlier
• Netgear A7000 running firmware version 1.0.0.11 or earlier
• Netgear WNA3100M running firmware version 1.2.0.7 or earlier
• Netgear WNDA3100v3 running firmware version 1.0.0.10 or earlier

Routers and Gateways (when used in bridge mode):

• Netgear JR6150 running firmware version 1.0.1.10 or earlier
• Netgear R6020 running firmware version 1.0.0.18 or earlier
• Netgear R6050 running firmware version 1.0.1.10 or earlier
• Netgear R6080 running firmware version 1.0.0.18 or earlier
• Netgear R6100 running firmware version 1.0.1.16 or earlier
• Netgear R6120 running firmware version 1.0.0.30 or earlier
• Netgear R6220 running firmware version 1.1.0.50 or earlier
• Netgear R6250 running firmware version 1.0.4.14 or earlier
• Netgear R6700v2 running firmware version 1.1.0.42 or earlier
• Netgear R6800 running firmware version 1.1.0.42 or earlier
• Netgear R7000 running firmware version 1.0.9.12 or earlier
• Netgear R7500 running firmware version 1.0.0.110 or earlier
• Netgear R7500v2 running firmware version 1.0.3.16 or earlier
• Netgear R7800 running firmware version 1.0.2.36 or earlier
• Netgear R8300 running firmware version 1.0.2.106 or earlier
• Netgear R8500 running firmware version 1.0.2.106 or earlier
• Netgear R9000 running firmware version 1.0.2.40 or earlier

WiFi Range Extenders:

• Netgear EX2700 running firmware version 1.0.1.20 or earlier
• Netgear EX3700 running firmware version 1.0.0.62 or earlier
• Netgear EX3800 running firmware version 1.0.0.62 or earlier
• Netgear EX6000 running firmware version 1.0.0.20_1.0.11 or earlier
• Netgear EX6100v1 running firmware version 1.0.2.16_1.1.130 or earlier
• Netgear EX6100v2 running firmware version 1.0.1.50 or earlier
• Netgear EX6120 running firmware version 1.0.0.30_1.0.20 or earlier
• Netgear EX6130 running firmware version 1.0.0.16 or earlier
• Netgear EX6150v1 running firmware version 1.0.0.32_1.0.68 or earlier
• Netgear EX6150v2 running firmware version 1.0.1.50 or earlier
• Netgear EX6200v1 running firmware version 1.0.3.76_1.1.111 or earlier
• Netgear EX6200v2 running firmware version 1.0.1.50 or earlier
• Netgear EX6400 running firmware version 1.0.1.60 or earlier
• Netgear EX7000 running firmware version 1.0.0.50_1.0.101 or earlier
• Netgear EX7300 running firmware version 1.0.1.60 or earlier
• Netgear WN2000RPTv3 running firmware version 1.0.1.4 or earlier
• Netgear WN3000RPv3 running firmware version 1.0.2.32 or earlier
• Netgear WN3100RPv2 running firmware version 1.0.0.22 or earlier

Mobile Hotspots:

• Netgear AC810
• Netgear AC815
• Netgear Nighthawk M1 (MR1100) - Support page

Arlo Cameras:

• Netgear ABC1000
• Netgear VMC3040
• Netgear VMC3040S

Wireless Access Points:

• Netgear WAC104 running firmware versions prior to 1.0.4.9
• Netgear WAC120 running firmware versions prior to 2.1.5
• Netgear WAC505 running firmware versions prior to 1.5.3.7
• Netgear WAC510 running firmware versions prior to 1.5.3.7
• Netgear WAC720 running firmware versions prior to 3.7.12.0
• Netgear WAC730 running firmware versions prior to 3.7.12.0
• Netgear WN604 running firmware versions prior to 3.3.8
• Netgear WNAP210v2 running firmware versions prior to 3.7.7.0
• Netgear WNAP320 running firmware versions prior to 3.7.7.0
• Netgear WND930 running firmware versions prior to 2.1.3
• Netgear WNDAP350 running firmware versions prior to 3.7.7.0
• Netgear WNDAP360 running firmware versions prior to 3.7.7.0
• Netgear WNDAP620 running firmware versions prior to 2.1.4
• Netgear WNDAP660 running firmware versions prior to 3.7.7.0

Firmware fixes are currently available for the following affected products:

Wireless Access Points:

• Netgear WAC120 - Firmware Version 2.1.5
• Netgear WAC505 - Firmware Version 1.5.3.7
• Netgear WAC510 - Firmware Version 1.5.3.7
• Netgear WAC720 - Firmware Version 3.7.12.0
• Netgear WAC730 - Firmware Version 3.7.12.0
• Netgear WN604 - Firmware Version 3.3.8
• Netgear WNAP210v2 - Firmware Version 3.7.7.0
• Netgear WNAP320 - Firmware Version 3.7.7.0
• Netgear WND930 - Firmware Version 2.1.3
• Netgear WNDAP350 - Firmware Version 3.7.7.0
• Netgear WNDAP360 - Firmware Version 3.7.7.0
• Netgear WNDAP620 - Firmware Version 2.1.4
• Netgear WNDAP660 - Firmware Version 3.7.7.0