Results 1 to 10 of 10

Hybrid View

  1. #1
    New ROGer Array BizzyB PC Specs
    BizzyB PC Specs
    MotherboardGigabyte Z97X-SLI
    ProcessorIntel Core i7-4790K
    Memory (part number)Corsair Vengeance Pro DDR3 2400
    Graphics Card #1ASUS ROG STRIX GeForce GTX 1080 Overclocked 8GB
    MonitorAcer Predator XB271HU WQHD G-Sync and Dell P2415Q 4K
    Storage #1Samsung Evo 500 SSD
    Storage #2Samsung Evo 250 SSD
    CPU CoolerThermaltake Water 3.0 Riing RGB 240
    CaseCooler Master Mastercase Pro 5
    Power SupplyCorsair RM750
    Keyboard Logitech G910 Orion Spectrum
    Mouse Logitech G602 wireless
    Mouse Pad Mionix Alioth Desk Pad
    OS Windows 10

    Join Date
    Aug 2017
    Reputation
    10
    Posts
    6

    ASUS - where is your WiFi patch for KRACK security vulnerability?

    I have both an ASUS RT-AC3100 and an ASUS PCE-AC88. Let me preface this by saying I work in the IT Security industry. I understand the risk to my home network is low simply based on opportunity, time, and physical proximity, and that the major risk is public or enterprise networks. However, it's somewhat disconcerting to hear that many manufacturers have already patched, or have patches coming shortly, and not a peep out of ASUS. I love my networking equipment, but I do expect a commitment to security and a timely response to critical vulnerabilities, especially at the price premium paid. I've been unable to find anything anywhere on plans by ASUS to address this, so please point me in the right direction if I've missed it. I don't exactly expect an immediate patch, but I do expect some communication and timeframe for deployment.

  2. #2
    Administrator Array MasterC@ASUS's Avatar
    Join Date
    Aug 2014
    Reputation
    96
    Posts
    1,492

    Hi BizzyB,

    In case you still haven't come across our statement, this is where we're at:

    ASUS is aware of the recent WPA2 vulnerability issue. We take security and your privacy seriously, so we are working towards a solution as quickly as possible. In the meantime, we want to help clarify the severity of the potential threat, and let our valued customers know the appropriate steps to take in order to avoid being compromised.

    Your devices are only vulnerable if an attacker is in physical proximity to your wireless network. We are co-working with chipset vendors and will release patched firmware for affected routers soon. Before new firmware is released, here are a few ways to stay safe:
    (1) Only visit HTTPS websites.
    (2) Keep your operating system and antivirus software up-to-date.
    (3) When in doubt, be safe and use your cellular network or a wired connection (Ethernet) to access the internet.

  3. #3
    New ROGer Array BizzyB PC Specs
    BizzyB PC Specs
    MotherboardGigabyte Z97X-SLI
    ProcessorIntel Core i7-4790K
    Memory (part number)Corsair Vengeance Pro DDR3 2400
    Graphics Card #1ASUS ROG STRIX GeForce GTX 1080 Overclocked 8GB
    MonitorAcer Predator XB271HU WQHD G-Sync and Dell P2415Q 4K
    Storage #1Samsung Evo 500 SSD
    Storage #2Samsung Evo 250 SSD
    CPU CoolerThermaltake Water 3.0 Riing RGB 240
    CaseCooler Master Mastercase Pro 5
    Power SupplyCorsair RM750
    Keyboard Logitech G910 Orion Spectrum
    Mouse Logitech G602 wireless
    Mouse Pad Mionix Alioth Desk Pad
    OS Windows 10

    Join Date
    Aug 2017
    Reputation
    10
    Posts
    6

    Thank you for your response. As stated, I realized the risk to my home network is low, but it's still a critical vulnerability. I'm glad to hear you are addressing it and are working on firmware. Given that routers don't automatically update firmware, where should we be checking for updates on this issue so we know when to update?

  4. #4
    Administrator Array MasterC@ASUS's Avatar
    Join Date
    Aug 2014
    Reputation
    96
    Posts
    1,492

    Quote Originally Posted by BizzyB View Post
    Thank you for your response. As stated, I realized the risk to my home network is low, but it's still a critical vulnerability. I'm glad to hear you are addressing it and are working on firmware. Given that routers don't automatically update firmware, where should we be checking for updates on this issue so we know when to update?
    Hi BizzyB,

    You can receive notifications for firmware updates from the ASUS Router App for your phone. I can also update everyone here when it is imminent or becomes available. Thanks!

  5. #5
    New ROGer Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    1

    Is there an ETA for an update? Even a check for beta firmware still shows nothing new.

  6. #6
    New ROGer Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    1

    New release now available for RT-AC66U

    I noticed last week a new update for the RT-AC66U is available that includes the krack fix.
    For the RT-AC66U the firmware version is 3.0.0.4.380_8120-ge60d6e4

    - Release Note -

    Security fixed
    - Fixed KRACK vulnerability
    - Fixed CVE-2017-14491: DNS - 2 byte heap based overflow
    - Fixed CVE-2017-14492: DHCP - heap based overflow
    - Fixed CVE-2017-14493: DHCP - stack based overflow
    - Fixed CVE-2017-14494: DHCP - info leak
    - Fixed CVE-2017-14495: DNS - OOM DoS
    - Fixed CVE-2017-14496: DNS - DoS Integer underflow
    - Fixed CVE-2017-13704 : Bug collision.
    - Fixed predictable session tokens, logged user IP validation, Logged-in information disclosure. (special thanks for Blazej Adamczyk contribution)
    - Fixed web GUI authorization vulnerabilities.
    - Fixed AiCloud XSS vulnerabilities.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •