WPA2 Security (KRACKs) Vulnerability Statement
Description
TP-Link is aware of vulnerabilities in the WPA2 security protocol that affect some TP-Link products. An attacker within wireless range of a Wi-Fi network can exploit these vulnerabilities using key reinstallation attacks (KRACKs). According to the research paper on KRACKs by Mathy Vanhoef that brought this vulnerability to the attention of vendors, the attack targets the WPA2 handshake and does not exploit access points, but instead targets clients. All vulnerabilities can be fixed through software updates since the issues are related to implementation flaws.
TP-Link has been working to solve this problem and will continue to post software updates at: www.tp-link.com/support.html. Products with TP-Link Cloud enabled will receive update notifications in the web management interface, Tether App or Deco App automatically.
More information about KRACK can be found through the link: https://www.krackattacks.com.
Conditions under which devices are vulnerable:
- Physical proximity: An attack can only happen when an attacker is in physical proximity to and within wireless range of your network.
- Time window: An attack can only happen when a client is connecting or reconnecting to a Wi-Fi network.
Unaffected TP-Link products:
All powerline adapters
All mobile Wi-Fi products
Routers and gateways working in their default mode (Router Mode) and AP Mode
Range extenders working in AP Mode
Business Wi-Fi EAP series access points working in AP Mode
Affected TP-Link products:
Routers working in Repeater Mode/WISP Mode/Client Mode:
TL-WR840N with firmware version EU 0.9.1 4.16 / Build 170421 or earlier
TL-WR940N with firmware version EU 3.16.9 / Build 160620 or earlier
TL-WR941HP with firmware version UN 3.16.9 / Build 170104 or earlier
TL-WR841HP with firmware version UN 3.16.9 / Build 160612 or earlier
TL-WR902AC with firmware version EU 3.16.9 / Build 170628 or earlier
TL-WR802N with firmware version EU 3.16.9 / Build 151231 or earlier
Routers with WDS function enabled (disabled by default) may be affected. Refer to the FAQ to learn how to check if WDS is enabled on your router.
Range extenders working in Repeater Mode (affected only during the WPA2 handshake, which is initiated when connecting or reconnecting to a router):
TL-WA850RE with firmware version AU 1.0.0 Build 170109 or earlier
TL-WA855RE with firmware version AU 1.0.0 Build 170217 or earlier
RE200 with firmware version AU 3.14.2 Build 160428 or earlier
RE210 with firmware version AU 3.14.2 Build 160517 or earlier
RE305 with firmware version AU 1.0.0 Build 170111 or earlier
RE450 with firmware version AU 1.0.0 Build 170111 or earlier
RE650 with firmware version AU 1.0.2 Build 170524 or earlier
Wireless Adapters:
Archer T6E
Archer T9E
Whole Home Wi-Fi System:
Deco M5 with firmware version AU 1.1.5 Build 170820 or earlier
Business VPN Router/CPE/WBS/CAP:
CAP300 with firmware version EU 1.1.0 Build 170601 or earlier
CAP1750 with firmware version EU 1.1.0 Build 170601 or earlier
CAP1200 with firmware version EU 1.0.0 Build 170801 or earlier
TL-ER604W with firmware version UN 1.1.0 Build 141031 or earlier
CPE520 with firmware version UN 2.1.0 Build 170609 or earlier
CPE510 with firmware version UN 2.1.0 Build 170609 or earlier
CPE220 with firmware version UN 2.0.0 Build 170301 or earlier
CPE210 with firmware version UN 2.1.0 Build 170609 or earlier
WBS210 with firmware version UN 1.3.3 Build 160705 or earlier
WBS510 with firmware version UN 2.1.0 Build 170609 or earlier
Smart home devices:
Smart Plugs and Switch: HS100, HS110
Smart Bulbs: LB100, LB110, LB120, LB130
Cameras: NC250, NC260, NC450
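The lists above combine three conditions: model, firmware build and operating mode, plus the WDS caveat for routers. The following is an added example, not TP-Link code, that applies them to a device inventory. It assumes builds can be compared numerically; the function names, status labels and inventory rows are hypothetical, and only a subset of the affected models is included.

```python
# Added example: triage inventory entries against this advisory's lists.
# Thresholds are a subset copied from the advisory; the inventory is constructed.
# Assumption: "Build NNNNNN or earlier" is compared numerically on the build number.
CLIENT_MODES = {"repeater", "wisp", "client"}

# model -> (highest affected build, modes the advisory ties it to; None = no mode stated)
AFFECTED_BUILDS = {
    "TL-WR840N": (170421, CLIENT_MODES),
    "TL-WR940N": (160620, CLIENT_MODES),
    "TL-WA850RE": (170109, {"repeater"}),
    "Deco M5": (170820, None),
    "CPE510": (170609, None),
}
# Listed as affected with no firmware version given (adapters, smart home).
AFFECTED_ANY_BUILD = {"Archer T6E", "Archer T9E", "HS100", "HS110", "NC250"}


def triage(model, build, mode, wds_enabled=False):
    """Classify one device; 'mode' is its current operating mode."""
    if model in AFFECTED_ANY_BUILD:
        return "affected"
    entry = AFFECTED_BUILDS.get(model)
    if entry is None:
        # Not in this example's subset; WDS is flagged for routers in general.
        return "check-wds" if wds_enabled else "not-listed"
    max_build, modes = entry
    if build > max_build:
        return "newer-build"          # later than the last build listed as affected
    if modes is None or mode.lower() in modes:
        return "affected"
    # Router/AP mode is listed as unaffected, unless WDS has been switched on.
    return "check-wds" if wds_enabled else "unaffected-mode"


def report(inventory):
    """Map each (name, model, build, mode, wds) row to its triage result."""
    return {name: triage(model, build, mode, wds)
            for name, model, build, mode, wds in inventory}


# Constructed inventory; build 171101 is a made-up newer build number.
INVENTORY = [
    ("lobby-ext", "TL-WA850RE", 170109, "Repeater", False),
    ("office-rtr", "TL-WR940N", 160620, "Router", False),
    ("annex-rtr", "TL-WR940N", 160620, "Router", True),
    ("bridge", "TL-WR840N", 171101, "Client", False),
    ("desk-plug", "HS110", 0, "", False),
]

print(report(INVENTORY))
```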
How to protect your devices
Until a software update is available to eliminate the vulnerability for your product, it is recommended to take the following precautions:
For wireless routers: Make sure your routers are in Router Mode or AP Mode, and patch the operating system of your smartphones, tablets and computers.
For wireless adapters: Patch the operating system of your computers.
Microsoft security update: Microsoft has fixed these security issues, as described in https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
FAQ: How to check if the WDS function is used on TP-Link routers
TP-Link has been working on affected models and will release firmware over the next few weeks on our official website.
Associated CVE identifiers
The following Common Vulnerabilities and Exposures (CVE) identifiers have been assigned to track which products are affected by specific types of key reinstallation attacks:
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake
- CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
- CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
- CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
Disclaimer
WPA2 vulnerabilities will remain if you do not take all recommended actions. TP-Link will not bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.