Security Notice: Key Reinstallation Attack
On October 16, 2017 a WPA2 exploit was disclosed known as Key Reinstallation Attack (KRACK) that affects all WPA2 protected Wi-Fi networks. This exploit could lead to user's WiFi traffic becoming compromised. Further background on the exploit can be found here.
- Affects any wireless product using WPA2 encryption, which includes all Open Mesh AP products.
- Client devices that have not received a security update addressing this issue are also susceptible.
- Those using 802.11r or mesh repeaters are most susceptible.
- The exploit requires physical proximity to the network.
Open Mesh has provided patches for the following versions: 481, 590, 6.1.x, 6.2.x, 6.3.x and 6.4.x
|Unpatched FW Version||Patched FW version||Availability Date|
|6.4.1 (Latest)||6.4.2||October 20, 2017|
|6.3.15 (Stable)||6.3.16||October 17, 2017|
|6.2.12 (Previous Stable)||6.2.13||October 19, 2017|
|6.1.2||6.1.4||October 18, 2017|
|590||fw-ng-r590-v4||November 1, 2017**|
|481||fw-ng-r481k||November 1, 2017**|
To obtain the patched firmware:
- Enable “Automatic Upgrades” under Configure -> Maintenance and your network will begin upgrading during your defined maintenance window.
- Customers who wish to immediately upgrade all access points on their network can select “Upgrade Now” and the installation process will complete in 15-20 minutes.
- **For EOL versions 481/590 the patch needs to be manually applied through a custom.sh script. In CloudTrax, browse to Configure -> Advanced, copy the below link into the "custom.sh server" field and then click Save Changes: http://files.cloudtrax.com/downloads/custom/omf1227/
- Turn off 802.11r until you’ve received the firmware update. This is done under Configure -> SSID# for any SSID that has it enabled.
- End users should contact their WiFi client device manufacturers for security updates related to their specific client devices.
Questions / Feedback
If you have any questions or concerns about this vulnerability or the upgrade process, please reach out to Open Mesh support.