WPA2 Security (KRACKs) Vulnerability Statement

Security Advisory
Updated 09-29-2019 09:42:59 AM 458837

Description

TP-Link is aware of vulnerabilities in the WPA2 security protocol that affect some TP-Link products. An attacker within wireless range of a Wi-Fi network can exploit these vulnerabilities using key reinstallation attacks (KRACKs). According to the research paper on KRACKs by Mathy Vanhoef that brought this vulnerability to the attention of vendors, the attack targets the WPA2 handshake and does not exploit access points, but instead targets clients. All vulnerabilities can be fixed through software updates since the issues are related to implementation flaws.

TP-Link have been working to solve this problem and will continue to post software updates at: https://www.tp-link.com/support/. Products with TP-Link Cloud enabled will receive update notifications in the web management interface, Tether App or Deco App automatically.

More information about KRACK can be found through the link: https://www.krackattacks.com.

TP-Link devices that have been fixed:

Wireless Routers:

TL-WR841N(EU) V13 with firmware 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n or later.

TL-WR841N(US) V13 with firmware 0.9.1 4.16 v0348.0 Build 171020 Rel.75834n or later.

TL-WR842N(RU) V5 with firmware 1.1.0 0.9.1 v0001.0 Build 171109 Rel.56772n or later.

TL-WR840N(EU) V5 with firmware version 0.9.1 3.16 v0001.0 Build 171211 Rel.58800n or later.

TL-WR840N(ES) V5 with firmware version 0.9.1 3.16 v01e4.0 Build 180228 Rel.57268n or later.

TL-WR840N(VN) V5 with firmware version 0.9.1 3.16 v02c0.0 Build 180207 Rel.64051n or later.

TL-WR940N(RU) V6 with firmware 3.18.1 Build 171115 Rel.46734n or later.

TL-WR940N(VN) V6 with firmware 3.18.1 Build 171115 Rel.48390n or later.

TL-WR940N(BR) V6 with firmware 3.18.1 Build 171115 Rel.43350n or later.

TL-WR940N(US) V6 with firmware 3.18.1 Build 171030 Rel.43957n or later.

TL-WR940N(TW) V6 with firmware version 3.18.1 Build 171115 Rel.47564n or later.

TL-WR940N(ES) V6 with firmware version 3.18.1 Build 171115 Rel.44481n or later.

TL-WR940N(EU) V6 with firmware version 3.19.1 Build 180119 Rel.59618n or later.

TL-WR940N plus(KR) V6 with firmware version 3.18.1 Build 171115 Rel.45906n or later.

TL-WR940N(JP) V6 with firmware version 3.18.1 Build 171115 Rel.45192n or later.

TL-WR941HP(UN) V2 with firmware version 2.0.1 Build 20171225 Rel.60160 or later.

TL-WR902AC(US) V3 with firmware version 0.9.1 0.2 v008a.0 Build 171229 Rel.54327n or later.

TL-WR902AC(EU) V3 with firmware version 0.9.1 0.1 v0089.0 Build 170828 Rel.57433n or later.

Archer C2(RU) V5 with firmware version 0.9.1 3.16 v0283.0 Build 180105 Rel.60915n or later.

Archer C7(US) V2 with firmware version 3.15.3 Build 180114 Rel.39265n or later.

Archer C7(RU) V4 with firmware version 1.0.4 Build 20171130 Rel.28047 or later.

Archer C7(EU/US/CA/JP) V4 with firmware version 1.0.5 Build 20171101 Rel.37754 or later.

Archer C9(US) V4 with firmware version 1.0.1 Build 20171219 Rel.57874 or later.

Archer C9(EU) V4 with firmware version 1.3.1 Build 20171215 Rel.35219 or later.

Archer C9(US/CA) V3 with firmware version 1.3.1 Build 20171215 Rel.35219 or later.

Archer C9(US) V1 with firmware version 3.17.1 Build 20180125 Rel.56387n or later.

Archer C2300(KR) V1 with firmware version 2.0.1 Build 20171221 Rel.80951 or later.

Archer C5400(KR) V2 with firmware version 1.0.2 Build 20171106 Rel.71351 or later.

Range Extenders:

TL-WA850RE V5 with firmware version 1.0.0 Build 20171116 Rel.36698 or later.

TL-WA850RE V4 with firmware version 1.0.0 Build 20171116 Rel.36232 or later.

TL-WA850RE(US) 2.0 with firmware version 1.0.0 Build 20171123 Rel.41475 or later.

TL-WA850RE(EU) 2.0 with firmware version 1.0.0 Build 20171123 Rel.62444 or later.

TL-WA860RE V5 with firmware version 1.0.0 Build 20171116 Rel.38570 or later.

TL-WA860RE V4 with firmware version 1.0.0 Build 20171116 Rel.38109 or later.

TL-WA855RE V3 with firmware version 1.0.0 Build 20171116 Rel.37646 or later.

TL-WA855RE V2 with firmware version 1.0.0 Build 20171116 Rel.37176 or later.

TL-WA865RE V4 with firmware version 1.0.0 Build 20171116 Rel.39026 or later.

RE650 V1 with firmware version 1.0.4 Build 20171123 Rel.54853 or later.

RE500 V1 with firmware version 1.0.2 Build 20171129 Rel.58168 or later.

RE590T V1 with firmware version 1.0.0 Build 20171122 Rel.62085 or later.

RE580D V1 with firmware version 1.0.0 Build 20171114 Rel.63483 or later.

RE450 V2 with firmware version 1.0.3 Build 20171127 Rel.59316 or later.

RE450 V1 with firmware version 1.0.0 Build 20171215 Rel.55534 or later.

RE380D(US) V1 with firmware version 1.0.0 Build 20171201 Rel.59961 or later.

RE360 V1 with firmware version 1.0.2 Build 20171226 Rel.33711 or later.

RE350 V1 with firmware version 1.0.0 Build 20171121 Rel.63631 or later.

RE305 V1 with firmware version 1.0.0 Build 20171115 Rel.41733 or later.

RE205 V1 with firmware version 1.1.1 Build 20171218 Rel.50791 or later.

RE200 V2 with firmware version 1.1.5 Build 20180208 Rel.62854 or later.

RE200(EU) V1 with firmware version 3.14.2 Build 171206 Rel.32803n or later.

RE200(US) V1 with firmware version 3.14.2 Build 171205 Rel.57551n or later.

Whole Home Wi-FI system:

Deco M5 with firmware version 1.1.6 Build 20171103 Rel. 47257 or later

Smart Home devices:

NC200 with firmware version v2.1.8 or later.

NC260 with firmware version v1.3.3 or later.

NC210 (UN) V1 with firmware 1.0.9 Build 171214 Rel.C9342E or later.

NC230 (UN) V1 with firmware 1.3.0 Build 171205 Rel.2310A2 or later.

NC250 (UN) V1 with firmware 1.3.0 Build 171205 Rel.2310A2 or later.

NC450 (UN) V2 with firmware 1.3.4 Build 171130 Rel.ECC739 or later.

HS105(US) with firmware version v1.5.1 or later.

HS100 (US) V2 with firmware 1.5.1 Build 171109 Rel.165709 or later.

HS110 (US) V2 with firmware 1.5.1 Build 171109 Rel.165709 or later.

HS200 (US) V3 with firmware 1.5.2 Build 171208 Rel.114610 or later.

HS210 (US) V1 with firmware 1.5.2 Build 171208 Rel.113556 or later.(

LB100, LB110, LB120, LB130(US) with firmware v1.7.1 or later.

RE270K, RE370K(US) with firmware v1.1.10 or later.

RE270K, RE370K(EU) with firmware v1.1.10 or later.

KC120(US) with firmware v2.1.3 or later.

Conditions under which devices are vulnerable:

  • Physical proximity: An attack can only happen when an attacker is in physical proximity to and within wireless range of your network.
  • Time window: An attack can only happen when a client is connecting or reconnecting to a Wi-Fi network.

Unaffected TP-Link products:

All powerline adapters

All mobile Wi-Fi products

Routers and gateways working in their default mode (Router Mode) and AP Mode

Range extenders working in AP Mode

Affected TP-Link products:

Routers working in Repeater Mode/WISP Mode/Client Mode:

TL-WR940N with firmware version 3.17.1 Build 170717 Rel.55495n or earlier (Hardware Version 3.0 or earlier not affected)

TL-WR841Nv13 with firmware version 0.9.1 4.16 v0348.0 Build 170814 Rel.59214n or earlier (Hardware Version 12.0 or earlier not affected)

TL-WR840N with firmware version 0.9.1 4.16 v019a.0 Build 170524 Rel.56478n or earlier (Hardware Version 2.0 or earlier not affected)

TL-WR941HP with firmware version 3.16.9 Build 20170116 Rel.50912n or earlier

TL-WR841HP with firmware version 3.16.9 Build 160612 Rel.67073n or earlier

TL-WR902AC with firmware version 3.16.9 Build 20160905 Rel.61455n or earlier

TL-WR802N with firmware version 0.9.1 3.16 v0188.0 Build 170705 Rel.34179n or earlier

TL-WR810N with firmware version 3.16.9 Build 160801 Rel.57365n or earlier

Routers with WDS function enabled (disabled by default) may be affected. Refer to the FAQ to learn how to check if WDS is enabled on your router. 

Range Extenders working in Repeater Mode during a WPA2 handshake that is initiated only when connecting or reconnecting to a router:

TL-WA850RE with firmware version 1.0.0 Build 20170609 Rel.34153 or earlier

TL-WA855RE with firmware version 1.0.0 Build 20170609 Rel.36187 or earlier

TL-WA860RE with firmware version 1.0.0 Build 20170609 Rel.38491 or earlier

RE200 with firmware version 1.1.3 Build 20170818 Rel.58183 or earlier

RE305 with firmware version 1.0.0 Build 20170614 Rel.42952 or earlier

RE450 with firmware version 1.0.2 Build 20170626 Rel.60833 or earlier

RE500 with firmware version 1.0.1 Build20170210 Rel.59671 or earlier

RE650 with firmware version 1.0.2 Build 20170524 Rel.58598 or earlier

Wireless Adapters:

Archer T6E

Archer T9E

Whole Home Wi-Fi System:

Deco M5               with firmware version 1.1.5 Build 20170820 Rel.62483 or earlier

CPE/WBS/CAP:

CAP300 with firmware version 1.1.0 Build 20170601 Rel.60253 or earlier

CAP300-Outdoor with firmware version 1.1.0 Build 20170601 Rel.60212 or earlier

CAP1750 with firmware version 1.1.0 Build 20170601 Rel.60196 or earlier

CAP1200 with firmware version 1.0.0 Build 20170801 Rel.61314 or earlier

TL-ER604W with firmware version 1.2.0 Build 20160825 Rel.45880 or earlier

CPE520 with firmware version 2.1.6 Build 20170908 Rel.45234 or earlier

CPE610 with firmware version 2.1.5 Build 20170830 Rel. 58245 or earlier

CPE510 with firmware version 2.1.6 Build 20170908 Rel. 45233 or earlier

CPE220 with firmware version 2.1.6 Build 20170908 Rel. 45233 or earlier

CPE210 with firmware version 2.1.6 Build 20170908 Rel. 45234 or earlier

WBS210 with firmware version 2.1.0 Build 20170609 Rel. 57434 or earlier

WBS510 with firmware version 2.1.6 Build 20170908 Rel. 45234 or earlier

Smart home devices:

Smart Plugs and Switch: HS100, HS105, HS110, HS200

Smart Repeater with Plugs: RE350K, RE270K, RE370K

Cameras: NC250, NC260, NC450, KC120

How to protect your devices

Until a software update is available to eliminate the vulnerability for your product, it is recommended to take the following precautions:

For wireless routers: Make sure your routers are in Router Mode or AP Mode, and patch the operating system of your smartphones, tablets and computers.

For wireless adapters: Patch the operating system of your computers.

Microsoft security update: Microsoft has fixed such security issues as mentioned in https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

TP-Link has been working on affected models and will release firmware over the next few weeks on our official website.

 

Associated CVE identifiers

The following Common Vulnerabilities and Exposures (CVE) identifiers have been assigned to track which products are affected by specific types of key reinstallation attacks:

  1. CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake
  2. CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake
  3. CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake
  4. CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake
  5. CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
  6. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it
  7. CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake
  8. CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
  9. CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
  10. CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

Disclaimer

WPA2 vulnerabilities will remain if you do not take all recommended actions. TP-Link cannot bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.

Is this faq useful?

Your feedback helps improve this site.