Fragment and Forge vulnerabilities(FragAttacks) Statement
For additional information, see: https://www.wi-fi.org/security-update-fragmentation
TP-Link is aware that researchers have disclosed a set of vulnerabilities about Wi-Fi named FragAttacks.
As soon as we became aware of the details, we immediately launched an investigation. As the investigation progresses, TP-Link will update this advisory with information about affected products.
According to the investigation, the following conditions are required to exploit the wireless vulnerability:
- Someone knows your Wi-Fi password and connects to your Wi-Fi network
- Someone needs to intercept communication between your router and devices on your Wi-Fi.
- In order to achieve the purpose of obtaining private information, an attacker would need to trick a user on the network to visit the attacker's server (Phishing Email, malicious ads, etc.).
Workarounds
- Set a strong Wi-Fi password and change it regularly. Being careful not to share your Wi-Fi password.
- Periodically check the devices connected to your network. If you see any unknown device, block these devices and change your Wi-Fi password.
- We recommend that you use HTTPS protocol to access the website. Don't click on emails from unknown recipients or visit suspicious websites.
Affected
TP-Link will update this advisory as new information emerges.
SOHO Router
Model number |
Date |
Fixed in Firmware Version |
Archer AX90(US)_V1.0 |
2021/04/29 |
Archer AX90(US)_V1_210312 |
Archer AX90(EU)_V1.0 |
2021/04/29 |
Archer AX90(EU)_V1_210312 |
Archer AX10(EU)_V1.0 |
2021/05/14 |
Archer AX10(EU)_V1_210420 |
Archer AX10(US)_V1.0 |
2021/05/14 |
Archer AX10(US)_V1_210420 |
Archer AX10(US)_V1.2 |
2021/05/14 |
Archer AX10(US)_V1.2_210421 |
Archer AX20(EU)_V1.0 |
2021/05/17 |
Archer AX20(EU)_V1.0_210514 |
Archer AX20(US)_V1.0 |
2021/05/17 |
Archer AX20(US)_V1.0_210514 |
Archer AX20(US)_V1.2 |
2021/05/17 |
Archer AX20(US)_V1.2_210514 |
Archer AX20(EU)_V2.0 |
2021/05/17 |
Archer AX20(EU)_V2.0_210514 |
Archer AX20(US)_V2.0 |
2021/05/17 |
Archer AX20(US)_V2.0_210514 |
Archer AX1500(EU)_V1.0 |
2021/05/17 |
Archer AX1500(EU)_V1.0_210514 |
Archer AX1500(US)_V1.0 |
2021/05/17 |
Archer AX1500(US)_V1.0_210514 |
Archer AX1500(US)_V1.2 |
2021/05/17 |
Archer AX1500(US)_V1.2_210514 |
Range Extender
Model number |
Date |
Fixed in Firmware Version |
RE505X_V1 |
2021/05/17 |
RE505X_V1_210514 |
RE603X_V1 |
2021/05/17 |
RE603X_V1_210514 |
RE605X_V1 |
2021/05/17 |
RE605X_V1_210514 |
Deco
Model number |
Date |
Fixed in Firmware Version |
Deco X90_V1 |
2021/05/17 |
Deco X90_V1_20210514 |
Deco X68_V1 |
2021/05/17 |
Deco X68_V1_20210514 |
Omada EAP
Model number |
Date |
Fixed in Firmware Version |
EAP245(EU)_V3 |
2021/11/4 |
EAP245(EU)_V3_5.0.4 Build 20211021 |
EAP245(US)_V3 |
2021/11/4 |
EAP245(US)_V3_5.0.4 Build 20211021 |
Revision History
2021-05-14 Published advisory
Disclaimer
FragAttacks vulnerabilities will remain if you do not take all recommended actions. TP-Link cannot bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.
Fick du svar på din fråga?
Your feedback helps improve this site.