D-Link Forums

D-Link Wireless Access Points For Business => DAP-2310 => Topic started by: GreenBay42 on December 19, 2017, 11:15:53 AM

Title: DAP-2310 Rev B - KRACK firmware patch v2.10RC039 Released
Post by: GreenBay42 on December 19, 2017, 11:15:53 AM
Firmware to fix the KRACK exploit has been released. This firmware is BETA.

Firmware --> ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DAP-2310/REVB/DAP-2310_REVB_FIRMWARE_PATCH_v2.10RC039_BETA.zip (ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DAP-2310/REVB/DAP-2310_REVB_FIRMWARE_PATCH_v2.10RC039_BETA.zip)

Release Notes:

A WPA2 wireless protocol vulnerability was reported to CERT//CC and public disclosed as: VU#228519 - Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse.

The following CVE IDs have been assigned to VU#228519. These vulnerabilities in the WPA2 protocol:
• CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
• CVE-2017-13078: reinstallation of the group key in the Four-way handshake
• CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
• CVE-2017-13080: reinstallation of the group key in the Group Key handshake
• CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
• CVE-2017-13082: accepting a retransmitted Fast BSS Transition Re-association Request and reinstalling the pairwise key while processing it
• CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
• CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
• CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
• CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame