Zyxel security advisory for the key management vulnerabilities of WPA2 protocol
Admin
Zyxel
is aware of the recently found key management vulnerabilities of the WiFi Protected
Access II (WPA2) security protocol, as identified in US-CERT vulnerability note VU#228519, with the vulnerability IDs listed in table 1.
What are the vulnerabilities?
These vulnerabilities affect wireless products that connect to WiFi networks in different ways, depending on the role of products as WiFi clients or servers, as described in table 1 below.
Table 1.
Type of attack | CVE IDs | Devices impacted |
4-way handshake | WiFi clients | |
Group-key handshake | WiFi clients | |
802.11r Fast-BSS Transition (FT) | Access points | |
Peer-key handshake | WiFi clients |
It is important to note that an attacker has to be physically nearby and is within the wireless range to exploit these weaknesses.[1]
Please see: https://www.krackattacks.com/#details for more technical information.
We have conducted a thorough investigation and ZyWALL USG/UAG/SBG series are immune from above CVE vulnerabilities.
For more information and technical details regarding the vulnerabilities please see below references:
1. US-CERT VU note: https://www.kb.cert.org/vuls/id/228519/
2. Disclosure by by Mathy Vanhoef of imec-DistriNet of KU Leuven: https://www.krackattacks.com/
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 164 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 364 USG FLEX H Series
- 292 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 262 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight