Zyxel security advisory for the key management vulnerabilities of WPA2 protocol





Zyxel
is aware of the recently found key management vulnerabilities of the WiFi Protected
Access II (WPA2) security protocol, as identified in US-CERT vulnerability note VU#228519, with the vulnerability IDs listed in table 1.
What are the vulnerabilities?
These vulnerabilities affect wireless products that connect to WiFi networks in different ways, depending on the role of products as WiFi clients or servers, as described in table 1 below.
Table 1.
Type of attack | CVE IDs | Devices impacted |
4-way handshake | WiFi clients | |
Group-key handshake | WiFi clients | |
802.11r Fast-BSS Transition (FT) | Access points | |
Peer-key handshake | WiFi clients |
It is important to note that an attacker has to be physically nearby and is within the wireless range to exploit these weaknesses.[1]
Please see: https://www.krackattacks.com/#details for more technical information.
We have conducted a thorough investigation and ZyWALL USG/UAG/SBG series are immune from above CVE vulnerabilities.
For more information and technical details regarding the vulnerabilities please see below references:
1. US-CERT VU note: https://www.kb.cert.org/vuls/id/228519/
2. Disclosure by by Mathy Vanhoef of imec-DistriNet of KU Leuven: https://www.krackattacks.com/
Categories
- All Categories
- 192 Beta Program
- 1.7K Nebula
- 93 Nebula Ideas
- 63 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 52 Switch Ideas
- 920 WirelessLAN
- 28 WLAN Ideas
- 5.4K Consumer Product
- 174 Service & License
- 296 News and Release
- 65 Security Advisories
- 14 Education Center
- 1K FAQ
- 453 Nebula FAQ
- 258 Security FAQ
- 100 Switch FAQ
- 115 WirelessLAN FAQ
- 22 Consumer Product FAQ
- 67 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 69 About Community
- 52 Security Highlight