The Key Reinstallation Attack (named KRACK by its authors) was published earlier this week by security researchers. It allows attackers within range of a WiFi access point the ability to monitor data sent between a WiFi client and an Access Point.
Our analysis of this exploit is that Cradlepoint router AP functionality is not at risk, but WiFi-as-WAN and WiFi Client Mode functionality is at risk. Along with our Wireless driver vendors and WiFi Authentication services, we are updating our routers to mitigate this issue.
For more information, please see
The related CVEs are:
|
CVE-2017-13077 |
Reinstallation of the pairwise key in the Four-way handshake |
|
CVE-2017-13078 |
Reinstallation of the group key in the Four-way handshake |
|
CVE-2017-13079 |
Reinstallation of the integrity group key in the Four-way handshake |
|
CVE-2017-13080 |
Reinstallation of the group key in the Group Key handshake |
|
CVE-2017-13081 |
Reinstallation of the integrity group key in the Group Key handshake |
|
CVE-2017-13082 |
Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it |
|
CVE-2017-13084 |
Reinstallation of the STK key in the PeerKey handshake |
|
CVE-2017-13086 |
Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake |
|
CVE-2017-13087 |
Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame |
|
CVE-2017-13088 |
Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame |