Posted: Tue Oct 17, 2017 18:30 Post subject: Re: Krack CVE
Slobodan, are you using DD-WRT on your Asus RT-N16?
Which patched build works?
I have the same unit, running Merlin at the moment but it seems not patched yet.
Thanks!
It is not useless. Not all your client devices can get updated. Patching DD-WRT AP can secure your home or owned Wi-Fi environment. At least you won't need to have VPN connection at home to have more secure connections due to the vulnerability.
apacheguy wrote:
Yeah, my understanding is that the vulnerability only affects a router operating in client/repeater mode. If it is just a straight AP then he patch is pretty useless.
Asus RT-ac68u B1 will not boot on the new 10/17 load. I can confirm 10/10 load boots no problem; its very stable. Anyone else experiencing issues with the new beta?
Posted: Wed Oct 18, 2017 1:23 Post subject: Re: Krack CVE
lovaduck wrote:
Slobodan, are you using DD-WRT on your Asus RT-N16?
Which patched build works?
I have the same unit, running Merlin at the moment but it seems not patched yet.
Thanks!
I did not install 33525 yet on my RT-N16, I assume that it works fine, since it works fine on my E4200 V1 (pretty much the same specs). _________________ 2 times APU2 Opnsense 21.1 with Sensei
2 times RT-AC56U running DD-WRT 45493 (one as Gateway, the other as AP, both bridged with LAN cable)
3 times Asus RT-N16 shelved
E4200 V1 running freshtomato 2020.8 (bridged with LAN cable)
3 times Linksys WRT610N V2 converted to E3000 and 1 original E3000 running freshtomato 2020.8 (bridged with LAN cable)
It is not useless. Not all your client devices can get updated. Patching DD-WRT AP can secure your home or owned Wi-Fi environment. At least you won't need to have VPN connection at home to have more secure connections due to the vulnerability.
Patching the dd-wrt AP will NOT protect an unpatched client. The client will still be vulnerable.
Asus RT-ac68u B1 will not boot on the new 10/17 load. I can confirm 10/10 load boots no problem; its very stable. Anyone else experiencing issues with the new beta?
I can confirm here too that the newest firmware does not work on the AC68U. The 10/10 firmware is okay.
The 10/17 AC68U firmware that does not work:
MD5: 1CE8AD8488D0C2832D4D622AE238A9A0
SHA1: 1985F0B237EB8ABA473A1A7A36E9C51F915A3258
Here are list the fixes along with company's names and status:
Apple: Apple has ALREADY released a patch update in macOS 10.11.1 (beta only). The company will widely roll out an update for iOS and Mac users in a few days.
Windows: Windows reacted promptly and sent out an automatic update for Windows 7, 8, 8.1 & 1o users.
Linux: Linux worked swiftly and released KRACK Wi-Fi Patches updates for Ubuntu 14.04+, Arch, OpenBSD, Debian, Gentoo, and Linux upstream.
Intel chipsets: Intel released firmware updates for its various chipsets.
Raspberry Pi: Jessian, Stretch has been fixed. Wheezy and others will receive updates by October 17.
Android: Android will fix at patch level by November 6, 2017.
Lineage OS: Fixes have been merged and will be rolled out in next weekly release.
Samsung: Samsung’s flagship devices have received Google security patches, but older models have still not received KRACK Wi-Fi patches.
iOS: Apple will likely release the KRACK Wi-Fi patch in iOS 11.1 this week.
Google Wi-Fi: Google will release a patch soon.
Apple Airport: No news on the Apple Airport.
Netgear: No updates have been released. Expect updates soon.
UniFi: Firmware 3.9.3 solves the concern.
Microtik: RouterOS v6.39.3, v6.40.4, v6.41rc and up.
LEDE: Fixes available in night by night updates.
Eero: eerOS 3.5 and up is secure.
AVM: AVM is somewhat aware of the vulnerability but doesn’t feel an update is necessary.
DD-WRT: Fixed in core, waiting for an update.
Meraki: Fixed with Meraki 24.11 and 25.7.
Aruba: Updates are available across Aruba hardware.
FortiNet: FortiAP 5.6.1 and up are secure.
Cisco: Updates are now available on Cisco hardware.
TP-Link: The company, doesn't know much about the vulnerability.
Synology: KRACK Wi-Fi security fix is now available.
KPN (NL): No information on the fix.
Nest: Nest claims that their devices aren't affected.
Sonos: No information on Sonos.
Amazon: Amazon is still in the process of reviewing devices while there is no fix issued for Echo etc.
Belkin: Belkin is aware of the issue, yet there is no fix for Wemo/Linksys devices.
