Fragment and Forge vulnerabilities(FragAttacks) Statement

Security Advisory
Updated 11-19-2021 02:33:46 AM 22399
This Article Applies to: 

For additional information, see: https://www.wi-fi.org/security-update-fragmentation

TP-Link is aware that researchers have disclosed a set of vulnerabilities about Wi-Fi named FragAttacks.

As soon as we became aware of the details, we immediately launched an investigation. As the investigation progresses, TP-Link will update this advisory with information about affected products.

According to the investigation, the following conditions are required to exploit the wireless vulnerability:

  1. Someone knows your Wi-Fi password and connects to your Wi-Fi network
  2. Someone needs to intercept communication between your router and devices on your Wi-Fi.
  3. In order to achieve the purpose of obtaining private information, an attacker would need to trick a user on the network to visit the attacker's server (Phishing Email, malicious ads, etc.).

Workarounds

  1. Set a strong Wi-Fi password and change it regularly. Being careful not to share your Wi-Fi password.
  2. Periodically check the devices connected to your network. If you see any unknown device, block these devices and change your Wi-Fi password.
  3. We recommend that you use HTTPS protocol to access the website. Don't click on emails from unknown recipients or visit suspicious websites.

Affected

TP-Link will update this advisory as new information emerges.

SOHO Router

Model number

Date

Fixed in Firmware Version

Archer AX90(US)_V1.0

2021/04/29

Archer AX90(US)_V1_210312

Archer AX90(EU)_V1.0

2021/04/29

Archer AX90(EU)_V1_210312

Archer AX10(EU)_V1.0

2021/05/14

Archer AX10(EU)_V1_210420

Archer AX10(US)_V1.0

2021/05/14

Archer AX10(US)_V1_210420

Archer AX10(US)_V1.2

2021/05/14

Archer AX10(US)_V1.2_210421

Archer AX20(EU)_V1.0

2021/05/17

Archer AX20(EU)_V1.0_210514

Archer AX20(US)_V1.0

2021/05/17

Archer AX20(US)_V1.0_210514

Archer AX20(US)_V1.2

2021/05/17

Archer AX20(US)_V1.2_210514

Archer AX20(EU)_V2.0

2021/05/17

Archer AX20(EU)_V2.0_210514

Archer AX20(US)_V2.0

2021/05/17

Archer AX20(US)_V2.0_210514

Archer AX1500(EU)_V1.0

2021/05/17

Archer AX1500(EU)_V1.0_210514

Archer AX1500(US)_V1.0

2021/05/17

Archer AX1500(US)_V1.0_210514

Archer AX1500(US)_V1.2

2021/05/17

Archer AX1500(US)_V1.2_210514

 

Range Extender

Model number

Date

Fixed in Firmware Version

RE505X_V1

2021/05/17

RE505X_V1_210514

RE603X_V1

2021/05/17

RE603X_V1_210514

RE605X_V1

2021/05/17

RE605X_V1_210514

 

Deco

Model number

Date

Fixed in Firmware Version

Deco X90_V1

2021/05/17

Deco X90_V1_20210514

Deco X68_V1

2021/05/17

Deco X68_V1_20210514

 

Omada EAP    

Model number

Date

Fixed in Firmware Version

EAP245(EU)_V3

2021/11/4

EAP245(EU)_V3_5.0.4 Build 20211021

EAP245(US)_V3

2021/11/4

EAP245(US)_V3_5.0.4 Build 20211021

   

 

 

Revision History

2021-05-14 Published advisory

Disclaimer

FragAttacks vulnerabilities will remain if you do not take all recommended actions. TP-Link cannot bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.

Is this faq useful?

Your feedback helps improve this site.

From United States?

Get products, events and services for your region.