Zyxel security advisory for the key management vulnerabilities of WPA2 protocol

Zyxel_Forum_AdminZyxel_Forum_Admin Posts: 19 admin
edited October 27, 2017 6:35PM in News and New Release

Zyxel is aware of the recently found key management vulnerabilities of the WiFi Protected Access II (WPA2) security protocol, as identified in US-CERT vulnerability note VU#228519, with the vulnerability IDs listed in table 1.

What are the vulnerabilities?

These vulnerabilities affect wireless products that connect to WiFi networks n different ways, depending on the role of products as WiFi clients or servers, as described in table 1 below.

Table 1.

 

Type of attack

CVE IDs

Devices impacted

4-way handshake

CVE-2017-13077

WiFi clients

Group-key handshake

CVE-2017-13078

CVE-2017-13079

CVE-2017-13080

CVE-2017-13081

CVE-2017-13087

CVE-2017-13088

WiFi clients

802.11r Fast-BSS Transition (FT)

CVE-2017-13082

Access points

Peer-key handshake

CVE-2017-13084

CVE-2017-13086

WiFi clients

It is important to note that an attacker has to be physically nearby and is within the wireless range to exploit these weaknesses.[1]

Please see: https://www.krackattacks.com/#details for more technical information.

We have conducted a thorough investigation and Nebula Access Points are immune from above CVE vulnerabilities.

For more information and technical details regarding the vulnerabilities please see below references:

1.      US-CERT VU note: https://www.kb.cert.org/vuls/id/228519/

2.      Disclosure by by Mathy Vanhoef of imec-DistriNet of KU Leuven: https://www.krackattacks.com/

newtypeNebula_IreneNebula_Bayardo
Sign In to comment.