• April 16, 2024, 12:56:44 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: D-Link Response to KRACK  (Read 7207 times)

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752
D-Link Response to KRACK
« on: October 17, 2017, 07:34:09 AM »
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10075

Fixes --> http://forums.dlink.com/index.php?topic=72763.msg292201

On October 16th, researchers disclosed security vulnerabilities in the widely used standard for Wi-Fi security WPA2 (Wi-Fi Protected Access II) that make it possible for attackers to eavesdrop on Wi-Fi traffic. D-Link has immediately taken actions to investigate this matter. This security concern appears to be an industry-wide issue that will require firmware patches to be provided from the relevant semiconductor chipset manufacturers.
 
D-Link has requested assistance from the chipset manufacturers. As soon as the firmware patches are received from the chipset manufacturers, we will post them on our websites immediately. Please take the following important actions to help protect your privacy:
 
1. Is highly recommended to use encrypted communications protocols such as VPN or HTTPS, especially when delivering confidential information.
2. Check our website regularly for the newest firmware updates.
 
For a hacker to use this exploit, the two following conditions must happen:
1. Hacker has to be within your Wi-Fi signal.
2. When a wireless client is connecting to or disconnecting from your wireless network (e.g. a camera reboot).
 
Associated CVE IDs for CERT/CC VU number: VU#228519
CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082

The WPA2 protocol is ubiquitous in wireless networking. The vulnerabilities described are in the standard requiring a broad product-line and industry correction. Users are encouraged to install updates to affected products and hosts as they are available. For information about a specific product, check the table in the link below. Note that the table list is not exhaustive, and we recommend to check back frequently over the next 30 days.


List of D-Link products at risk and time table of fixes --> http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10075


Status for all vendors at risk (Industry-wide) - https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
« Last Edit: November 30, 2017, 10:51:00 AM by GreenBay42 »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: D-Link Response to KRACK
« Reply #1 on: October 17, 2017, 09:22:31 AM »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752
Re: D-Link Response to KRACK
« Reply #2 on: October 17, 2017, 09:51:22 AM »
Make sure you update your clients - Windows/Mac, iOS and Android. This hack is not accessible through the Internet. A hacker will have to be within your Wi-Fi network to gain access. Make sure you are careful when accessing public Wi-Fi networks (coffee shops, hotels, airport, etc). It is recommended to use your 3g/4g on your smartphone/tablets on public networks until Android, iOS, and Windows have released patches (read the CNET article below).

What to do -->https://www.tomsguide.com/us/wifi-krack-attack-what-to-do,news-25990.html

Industry responses --> https://www.cnet.com/news/krack-wi-fi-attack-patch-how-microsoft-apple-google-responding/
« Last Edit: October 18, 2017, 06:50:13 AM by GreenBay42 »
Logged