Netgear/Support - Security Advisory for WPA-2 Vulnerabilities

From WikiDevi.Wi-Cat.RU

Vulnerability Note VU#228519

  • CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
  • CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
  • CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
  • CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
  • CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  • CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
  • CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
  • CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
  • CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
  • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.

Security Advisory for WPA-2 Vulnerabilities

Associated CVE IDs:

  • CVE-2017-13077
  • CVE-2017-13078
  • CVE-2017-13079
  • CVE-2017-13080
  • CVE-2017-13081
  • CVE-2017-13082

These WPA-2 vulnerabilities affect the following products:

Orbi WiFi Systems:
WiFi Adapters:
Routers and Gateways (when used in bridge mode):
WiFi Range Extenders:
Mobile Hotspots:
Arlo Cameras:
  • Netgear ABC1000
  • Netgear VMC3040
  • Netgear VMC3040S
Wireless Access Points:


Firmware fixes are currently available for the following affected products:

Wireless Access Points: