D-Link Forums

D-Link Wireless Access Points For Business => DWL-8600AP => Topic started by: GreenBay42 on January 25, 2018, 09:44:09 AM

Title: KRACK Firmware Patch - 4.3.0.2B10 BETA Released
Post by: GreenBay42 on January 25, 2018, 09:44:09 AM

A patch firmware has been released for the KRACK vulnerability.

Download Firmware --> ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DWL-8600/REVA/DWL-8600AP_REVA_FIRMWARE_PATCH_v4.3.0.2_B10.zip (ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DWL-8600/REVA/DWL-8600AP_REVA_FIRMWARE_PATCH_v4.3.0.2_B10.zip)

Release Notes:

Problems Resolved:
A WPA2 wireless protocol vulnerability was reported to CERT//CC and public disclosed as: VU#228519 - Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse.

The following CVE IDs have been assigned to VU#228519. These vulnerabilities in the WPA2 protocol:

• CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
• CVE-2017-13078: reinstallation of the group key in the Four-way handshake
• CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
• CVE-2017-13080: reinstallation of the group key in the Group Key handshake
• CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
• CVE-2017-13082: accepting a retransmitted Fast BSS Transition Re-association Request and reinstalling the pairwise key while processing it
• CVE-2017-13084: reinstallation of the STK key in the PeerKey handshake
• CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
• CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
• CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

Other Fixes:

• HTTP Redirection is not working (HQ20170522000008)
• DWL-3600/6600 + DWC-2000 - no dynamic VLAN allocation (DEUR20170109000005-Central Europe; HQ20170110000008)
• 5GHz connection speed issue in managed mode (IMA20160721000004- India; HQ20160726000004)
• After Controller manages DWL-8600AP, httpd is still alive and user can access web UI (DI20160602000002-Japan; HQ20160603000001)
• Remove STBC function in web
• Malformed Email Notification that is being blocked ALG-enabled Firewall (DUSA20160412000001-USA; HQ20160414000005)
• Web UI reboot issue (DI20150611000003-Japan; HQ20150721000012)
• AP stop process radius request with DWS-3160 (DEUR20150917000002; HQ20151214000001)
• Wireless clients are getting disconnected very frequently (DI20151224000001-India; HQ20160108000001)
• Accommodate 32 characters for administrative password in WEB/CLI (DEUR20140905000005)
• New feature - bonjour across Vlan
• DNA doesn't display subversion (DDP).
• Confirm button of redirect html page (web)
• Standalone F/W upgrade through Web UI  didn't redirect to login page in upgrade timeout case (HQ20151210000013)