On October 16th, 2017, an industry wide vulnerability (VU#228519) in WPA/WPA2, codenamed KRACK, was made public. We have evaluated our products and online services to assess the impact of this vulnerability.
- Wi-Fi AP functionality is NOT affected by this vulnerability.
- Wi-Fi WAN (also known as Wi-Fi as WAN or Wi-Fi client) functionality is affected.
In general, our products which support “Wi-Fi WAN” functionality is affected, including:
- MAX: 700, OTG, BR1, BR1 Mini, BR1 Slim, BR1 Pro, HD2, HD4, Hotspot, Transit
- MediaFast: HD2, HD4
- Surf: SOHO, On-The-Go
- Device Connector series
You may disable the Wi-Fi WAN feature to temporarily eliminate the vulnerability.
- We are developing firmware to address the vulnerability.
- Release 7.0.3 for MAX and SOHO (only to those models that have Wi-Fi WAN)
- Release 6.3.5 for previous generation of MAX and SOHO, which can only support Firmware 6.x series
- Release 1.1.1 for Device Connector Rugged
- Release 1.0.30 for Surf On-The-Go
ETA for the firmware releases is within two weeks.
Official Vulnerability Note on VU#228519 at CERT: http://www.kb.cert.org/vuls/id/228519
Oct 19 - added clarification for client mode operation