As many people have read or will soon read, there is a vulnerability in the WPA2 wireless protocol called Krack that could allow attackers to eavesdrop on wireless connections and inject data into the wireless stream in order to install malware or modify web pages.

To protect yourself, many WiFi product vendors will be releasing updated firmware and drivers for their products. It is strongly suggested that users update their hardware as soon as an update is available in order to protect themselves. This includes router firmware and wireless network card drivers.

To help with this, I have created a list of known information regarding various WiFi vendors and whether new drivers are available. As this vulnerability is fairly new, there is little information available, so I advise you to check this page throughout the coming days to see if new information is available. This page includes information obtained by contacting vendors, from CERT's informative page, and from other sources.

Last Updated: 10/20/17 14:35 EST

Companies with available information:

ADTRAN

ADTRAN posted in their forums that they are performing an investigation and will send out a security notice to all signed up users with details. A security advisory was sent out on 10/18/17 to customers that basically reiterates the same information.

Aerohive Networks

Aerohive has released an advisory explaining under what circumstances their products are vulnerable to KRACK. They also included information on what HiveOS upgrades mitigate this attack.

Arch Linux

Arch has pushed out updates for wpa_supplicant and hostapd. Patches can be found here and here.

Amazon

An Amazon Spokesperson responded to our inquiry with "We are in the process of reviewing which of our devices may contain this vulnerability and will be issuing patches where needed.".

Apple

Today, October 31st, Apple released updates for all of their core operating systems that include fixes for the KRACK vulns.

Aruba Networks

Patch information can be found here & here. A FAQ was posted as well.

Arris

An Arris spokesperson told BleepingComputer:

ARRIS is committed to the security of our devices and safeguarding the millions of subscribers who use them. The KRACK flaw affects the WPA2 protocol itself and is not specific to any device or manufacturer. There is no current evidence of malicious exploits. ARRIS is evaluating our full Wi-Fi portfolio and will release any required firmware updates as quickly as possible.

Asus

Asus has released information (see bottom of the page) and is working with chipset suppliers to patch the vulns. They will release an update as soon as it's ready.

AVM

AVM has an advisory posted regarding the KRACK vuln. According to AVM "FRITZ!Boxes on broadband connections are currently not affected by the wireless security breach known as "Krack", as such access points do not use the affected 802.11r standard.". They also do not seem to be happy regarding the way the disclosure was handled.

Barracuda Networks

Barracuda posted an advisory that lists affected products and contains links on hotfixes to resolve the KRACK vulns.

Belkin, Linksys, and Wemo

BleepingComputer received a response from Belkin that states: "Belkin, Linksys, and Wemo are aware of the WPA vulnerability. Our security teams are verifying details and we will advise accordingly. Also know that we are committed to putting the customer first and are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required."

Cisco

Cisco has released an advisory that discusses the vulnerability in relation to their product and a list of products that are vulnerable. Cisco has stated that IOS and driver updates are being developed and will be released. Cisco product users are advised to check the advisory often for future updates.

DD-WRT

A beta version of DD-WRT is on their FTP Site. At the time of this writing, the latest firmware is in a folder named 10-17-2017-r33525.

Debian

Debian posted an advisory to the Debian Security Announce mailing list with information on updates that resolve the Krack vulnerability.

Dell

Dell has posted an advisory that lists all products that are NOT affected by the KRACK vulns. More information about affected products will be added to the advisory soon.

D-Link

D-Link has posted an advisory stating that they are waiting for patches from the chipset manufacturers. They further accurately state that "For consumers users, your priority should be updating devices such as laptops and smartphones.".

DrayTek

DrayTek has posted an advisory detailing what products are affected by KRACK and stating that updates will be available next week.

Edimax

Edimax posted an advisory stating:

This vulnerability will require collaborative firmware patches from relevant manufacturers. Edimax is requesting assistance from them and is working diligently for the firmware fix. It will be published on Edimax website as soon as it becomes available.

eero

eero released an advisory that states that they have rolled out eeroOS version 3.5, which mitigates the KRACK vulns.

EnGenius

EnGenius has posted an advisory with some information about the attack. I was told by an EnGenius spokesperson that they are "working on security patches and will release updates to its firmware by the end of October".

Espressif

Espressif has released updates for ESP-IDF, ESP8266 RTOS SDK, & ESP8266 NONOS SDK on their GitHub page.

Extreme Networks

Extreme Networks released an advisory and stated hotfixes for the KRACK vulns will be released starting on October 20th.

F5 Networks

According to a released advisory, F5 Networks products are not affected by KRACK.

Fedora

Fedora has a Fedora 25 update available for testing. The Fedora 26 and Fedora 27 updates are pending to be added to the Stable release.

FreeBSD

According to CERT, FreeBSD is aware of the vulnerability and users should either join their FreeBSD-Announce mailing list or monitor their Security Information page.

Fortinet

According to this document, the FortiAP 5.6.1 release fixed the KRACK vulns.

Google

Android 6.0 and higher are currently vulnerable to this attack. When BleepingComputer contacted Google, their statement was "We're aware of the issue, and we will be patching any affected devices in the coming weeks". No information is available as of yet regarding Google WiFi.

Intel

Intel has released an advisory, which includes links to updated drivers.

Kisslink

Kisslink has told BleepingComputer that their products are protected via their Proximity technology and thus are not using WPA2 or affected by its bugs.

Lede

Updated packages for hostapd-common - 2016-12-19-ad02e79d-5, wpad - 2016-12-19-ad02e79d-5, and wpad-mini - 2016-12-19-ad02e79d-5 are available on LEDE. You can check for update availability via the opkg list-upgradable command and upgrade using the opkg update command.

Update 10/18/17: LEDE released the 17.01.4 service release to resolve the KRACK bugs and other issues.

LineageOS

LineageOS has had patches merged to prevent the KRACK vulns.

Linux

According to the vulnerability release, "Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, a Wi-Fi client commonly used on Linux.". Patches can be found here.

Meraki

Updates have been released for Cisco Meraki that resolve the KRACK vuln. More info can be found in this advisory: 802.11r Vulnerability (CVE: 2017-13082) FAQ.

Microchip Technology

Microchip has posted an advisory with available updates.

Microsoft

Microsoft quietly fixed the KRACK vulns in the October 10th Patch Tuesday.

MikroTik

According to MikroTik: "RouterOS v6.39.3, v6.40.4, v6.41rc are not affected! AP mode devices are not affected. All implemented fixes refer only to station and WDS modes.". They further stated that firmware versions were released last week to fix this vulnerability.

Netgear

Netgear has released an advisory that contains a list of products affected by KRACK and associated updates.

Nest

Nest stated that patches will be rolled out next week. These will auto-update and will not require user intervention.

OpenBSD

OpenBSD was provided a patch that was used to silently update and fix this vulnerability. More information can be read here and here.

Open-Mesh & CloudTrax

An advisory was posted for Open-Mesh & CloudTrax regarding the Krack vuln. An update is expected to be delivered to all of those that use automatic updates by the end of October 17th. More info at the advisory.

Peplink

Peplink has issued an advisory stating that users of the Wi-Fi as WAN functionality are vulnerable to this attack. To temporarily fix this issue, users can disable this feature and wait for an updated firmware to be released.

pfSense

pfSense, which is based off of FreeBSD, has opened an issue to import FreeBSD's fix.

Qualcomm

A Qualcomm spokesperson has told BleepingComputer:

"Providing technologies that support robust security and privacy is a priority for Qualcomm Technologies, Inc. (QTI). We have been working with industry partners to identify and address all implementations of the open source security issue involving WPA packet number reuse within Qualcomm-powered products. Patches for these issues are available now on the Code Aurora Forum and through other distribution channels, with additional patches posted as soon as they are verified through our quality assurance process"

Red Hat

Red Hat has generated an advisory regarding the vulnerability in wpa_supplicant. No further information available.

Raspberry Pi

As this uses wpa_supplicant, you need to update to the latest packages. Use sudo apt update followed by sudo apt upgrade to install a patched wpa_supplicant.

Ruckus Wireless

Ruckus Wireless has posted a security advisory that states that disabling 802.11r will mitigate CVE-2017-13082. Security patches for affected devices will be released as soon as they become available.

Sierra Wireless

Sierra Wireless posted a technical bulletin on affected products and remediation plans. Link from CERT.

Sonicwall

Sonicwall has released an advisory that states that they are not vulnerable:

SonicWall Capture Labs has evaluated these vulnerabilities and determined that our SonicPoint and SonicWave wireless access points, as well as our TZ and SOHO Wireless firewalls, are not vulnerable to the flaws in WPA2. SonicWall is working on a solution to provide an additional layer of protection for SonicWall customers that will block these man-in-the-middle attacks even from vulnerable unpatched clients. This will be delivered in a future SonicOS update.

Sophos

Sophos has released an advisory stating that the Sophos UTM Wireless, Sophos Firewall Wireless, Sophos Central Wireless, and Cyberoam Wireless products are affected by the Krack vulnerability. Updates for these products will be released soon.

Synology

Synology posted an advisory that indicates Synology DiskStation Manager (DSM) with attached WiFi dongle and Synology Router Manager (SRM) are vulnerable to Krack. According to Synology, updates for affected products will be released soon.

Tanaza

Tanaza has reached out to BleepingComputer to advise that their v2.15.2 firmware contains a patch for KRACK.

Toshiba

According to CERT, Toshiba's SureMark 4610 Printer (Models 1NR, 2CR, 2NR) with Wireless Lan Adapter & Canvio AeroMobile Wireless SSD product are affected. Toshiba will be contacting owners and business partners directly in regards to the printer and a firmware update will be released for the wireless SSD card.

TP-Link

When I contacted TP-Link tech support, I was told "Our seniors are keeping an eye on this issue. Currently we haven't received any feedback that TP-Link product is affected by that. We will offer an update on our official website once we have any new info."

On October 18, TP-Link issued the following statement with details on affected products.

Turris Omnia

Turris, which uses OpenWRT, posted in their forums that a patch was added to their repository and that they are going to test it and release a fix. Hopefully, this will lead to OpenWRT releasing an update soon as well.

Ubiquiti (UniFi, AmpliFi, airMax)

Ubiquiti have posted an advisory that provides details on what UniFi, AmpliFi, and airMax products are affected by the KRACK vulnerability. This advisory also provides links to the updates that resolve this attack.

It should be noted that the 802.11r (Fast Roaming) beta feature is still vulnerable and it is advised that it be disabled until a future update resolves the issue.

Ubuntu

Ubuntu has released an advisory with information on how to update wpa_supplicant and hostapd in order to resolve this vulnerability.

WatchGuard

WatchGuard has issued an advisory outlining when updates are going to be available for their various products and services.

WiFi Alliance Announcement

The WiFi Alliance released an announcement regarding the KRACK vulns, what products are affected, and how to mitigate the issues.

Xirrus/Riverbed

Xirrus/Riverbed have posted an advisory. A new version of Xirrus AOS will be released by October 30th 2017.

Zyxel

Zyxel has created a page that details what products are affected. While they are working to fix the vulnerability, there are no updated drivers and firmware available.

Companies claimed to be not affected by Krack:

Arista Networks, Inc.

Lenovo

VMware

Companies with no available information:

3com Inc

Actiontec

Alcatel-Lucent

AsusTek Computer Inc.

Atheros Communications, Inc.

Broadcom

CentOS

EMC Corporation

Extreme Networks

F5 Networks, Inc.

Foundry Brocade

Hewlett Packard Enterprise

IBM, INC.

Kyocera Communications

Marvell Semiconductor

MediaTek