Results 1 to 10 of 10
  1. #1
    New ROGer Array BizzyB PC Specs
    BizzyB PC Specs
    MotherboardGigabyte Z97X-SLI
    ProcessorIntel Core i7-4790K
    Memory (part number)Corsair Vengeance Pro DDR3 2400
    Graphics Card #1ASUS ROG STRIX GeForce GTX 1080 Overclocked 8GB
    MonitorAcer Predator XB271HU WQHD G-Sync and Dell P2415Q 4K
    Storage #1Samsung Evo 500 SSD
    Storage #2Samsung Evo 250 SSD
    CPU CoolerThermaltake Water 3.0 Riing RGB 240
    CaseCooler Master Mastercase Pro 5
    Power SupplyCorsair RM750
    Keyboard Logitech G910 Orion Spectrum
    Mouse Logitech G602 wireless
    Mouse Pad Mionix Alioth Desk Pad
    OS Windows 10

    Join Date
    Aug 2017
    Reputation
    10
    Posts
    6

    ASUS - where is your WiFi patch for KRACK security vulnerability?

    I have both an ASUS RT-AC3100 and an ASUS PCE-AC88. Let me preface this by saying I work in the IT Security industry. I understand the risk to my home network is low simply based on opportunity, time, and physical proximity, and that the major risk is public or enterprise networks. However, it's somewhat disconcerting to hear that many manufacturers have already patched, or have patches coming shortly, and not a peep out of ASUS. I love my networking equipment, but I do expect a commitment to security and a timely response to critical vulnerabilities, especially at the price premium paid. I've been unable to find anything anywhere on plans by ASUS to address this, so please point me in the right direction if I've missed it. I don't exactly expect an immediate patch, but I do expect some communication and timeframe for deployment.

  2. #2
    Administrator Array MasterC@ASUS's Avatar
    Join Date
    Aug 2014
    Reputation
    96
    Posts
    1,492

    Hi BizzyB,

    In case you still haven't come across our statement, this is where we're at:

    ASUS is aware of the recent WPA2 vulnerability issue. We take security and your privacy seriously, so we are working towards a solution as quickly as possible. In the meantime, we want to help clarify the severity of the potential threat, and let our valued customers know the appropriate steps to take in order to avoid being compromised.

    Your devices are only vulnerable if an attacker is in physical proximity to your wireless network. We are co-working with chipset vendors and will release patched firmware for affected routers soon. Before new firmware is released, here are a few ways to stay safe:
    (1) Only visit HTTPS websites.
    (2) Keep your operating system and antivirus software up-to-date.
    (3) When in doubt, be safe and use your cellular network or a wired connection (Ethernet) to access the internet.

  3. #3
    New ROGer Array BizzyB PC Specs
    BizzyB PC Specs
    MotherboardGigabyte Z97X-SLI
    ProcessorIntel Core i7-4790K
    Memory (part number)Corsair Vengeance Pro DDR3 2400
    Graphics Card #1ASUS ROG STRIX GeForce GTX 1080 Overclocked 8GB
    MonitorAcer Predator XB271HU WQHD G-Sync and Dell P2415Q 4K
    Storage #1Samsung Evo 500 SSD
    Storage #2Samsung Evo 250 SSD
    CPU CoolerThermaltake Water 3.0 Riing RGB 240
    CaseCooler Master Mastercase Pro 5
    Power SupplyCorsair RM750
    Keyboard Logitech G910 Orion Spectrum
    Mouse Logitech G602 wireless
    Mouse Pad Mionix Alioth Desk Pad
    OS Windows 10

    Join Date
    Aug 2017
    Reputation
    10
    Posts
    6

    Thank you for your response. As stated, I realized the risk to my home network is low, but it's still a critical vulnerability. I'm glad to hear you are addressing it and are working on firmware. Given that routers don't automatically update firmware, where should we be checking for updates on this issue so we know when to update?

  4. #4
    Administrator Array MasterC@ASUS's Avatar
    Join Date
    Aug 2014
    Reputation
    96
    Posts
    1,492

    Quote Originally Posted by BizzyB View Post
    Thank you for your response. As stated, I realized the risk to my home network is low, but it's still a critical vulnerability. I'm glad to hear you are addressing it and are working on firmware. Given that routers don't automatically update firmware, where should we be checking for updates on this issue so we know when to update?
    Hi BizzyB,

    You can receive notifications for firmware updates from the ASUS Router App for your phone. I can also update everyone here when it is imminent or becomes available. Thanks!

  5. #5
    New ROGer Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    1

    Is there an ETA for an update? Even a check for beta firmware still shows nothing new.

  6. #6
    New ROGer Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    1

    New release now available for RT-AC66U

    I noticed last week a new update for the RT-AC66U is available that includes the krack fix.
    For the RT-AC66U the firmware version is 3.0.0.4.380_8120-ge60d6e4

    - Release Note -

    Security fixed
    - Fixed KRACK vulnerability
    - Fixed CVE-2017-14491: DNS - 2 byte heap based overflow
    - Fixed CVE-2017-14492: DHCP - heap based overflow
    - Fixed CVE-2017-14493: DHCP - stack based overflow
    - Fixed CVE-2017-14494: DHCP - info leak
    - Fixed CVE-2017-14495: DNS - OOM DoS
    - Fixed CVE-2017-14496: DNS - DoS Integer underflow
    - Fixed CVE-2017-13704 : Bug collision.
    - Fixed predictable session tokens, logged user IP validation, Logged-in information disclosure. (special thanks for Blazej Adamczyk contribution)
    - Fixed web GUI authorization vulnerabilities.
    - Fixed AiCloud XSS vulnerabilities.

  7. #7
    ROG Junior Member Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    2

    Still no update patch for Asus star router RT-AC88U. Disappointing. I have been checking every day.

  8. #8
    New ROGer Array Seda PC Specs
    Seda PC Specs
    MotherboardASUS Crosshair V Formula-Z
    ProcessorAMD FX-9590
    Memory (part number)CMZ32GX3M4X1600C10
    Graphics Card #1Radeon 7850
    Graphics Card #2Radeon 7850
    Sound CardCreative X-Fi Titanium HD
    MonitorASUS VS278
    Storage #1AMD Radeon R7 120 GB SSD
    Storage #24x WDC VelociRaptor 500GB Mechanical & 1x WDC Black 1TB Mechanical
    CPU CoolerCorsair Hydro H60
    CaseThermaltake Chaser MK-I
    Power SupplyCooler Master Silent Pro Gold 1200W
    Keyboard ASUS Strix Tactic Pro
    Mouse ASUS Strix Claw
    Headset ASUS Strix 7.1
    Mouse Pad An Extra-Large Hatsune Miku Anime Mouse Pad
    OS Debian GNU/Linux
    Network RouterASUS RT-AC5300
    Seda's Avatar
    Join Date
    Mar 2013
    Reputation
    10
    Posts
    12

    Quote Originally Posted by marklang View Post
    Still no update patch for Asus star router RT-AC88U. Disappointing. I have been checking every day.
    The ASUS RT-AC88U isn't vulnerable to Krack in the default router-mode configuration as ASUS didn't follow the entire WiFi standard when they designed that device (it appears to reject repeat keys - this is a good thing). Your device is currently believed to be safe in that mode. Read this page for ASUS own statement on it:

    https://www.asus.com/Static_WebPage/...urity-Advisory

    Click "10/31/2017 Update on security advisory for the vulnerability of WPA2 protocol" to see the list.
    Last edited by Seda; 11-26-2017 at 11:48 AM.

  9. #9
    New ROGer Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    7

    Quote Originally Posted by Seda View Post
    The ASUS RT-AC88U isn't vulnerable to Krack to begin with as ASUS didn't follow the entire WiFi standard when they designed that device (it appears to reject repeat keys - this is a good thing). Your device is currently believed to be safe.

    https://www.asus.com/Static_WebPage/...urity-Advisory

    Click "10/31/2017 Update on security advisory for the vulnerability of WPA2 protocol" to see the list.
    Misleading as it's only the default configuration that they're not vulnerable.

  10. #10
    New ROGer Array Seda PC Specs
    Seda PC Specs
    MotherboardASUS Crosshair V Formula-Z
    ProcessorAMD FX-9590
    Memory (part number)CMZ32GX3M4X1600C10
    Graphics Card #1Radeon 7850
    Graphics Card #2Radeon 7850
    Sound CardCreative X-Fi Titanium HD
    MonitorASUS VS278
    Storage #1AMD Radeon R7 120 GB SSD
    Storage #24x WDC VelociRaptor 500GB Mechanical & 1x WDC Black 1TB Mechanical
    CPU CoolerCorsair Hydro H60
    CaseThermaltake Chaser MK-I
    Power SupplyCooler Master Silent Pro Gold 1200W
    Keyboard ASUS Strix Tactic Pro
    Mouse ASUS Strix Claw
    Headset ASUS Strix 7.1
    Mouse Pad An Extra-Large Hatsune Miku Anime Mouse Pad
    OS Debian GNU/Linux
    Network RouterASUS RT-AC5300
    Seda's Avatar
    Join Date
    Mar 2013
    Reputation
    10
    Posts
    12

    Quote Originally Posted by meowmeowmeow View Post
    Misleading as it's only the default configuration that they're not vulnerable.
    Valid point. I've edited my post above in case someone finds this via a search and follows the first thing they see.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •