We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X

Maximize Your Experience: Reap the Personalized Advantages by Completing Your Profile to Its Fullest! Update Here

Stay in the loop with the latest from Microchip! Update your profile while you are at it. Update Here

Complete your profile to access more resources.Update Here!

$0.00

Item	Qty
Your cart is empty.

Wi-Fi Products Vulnerability Potential Impact Reference Documentation

VU#228519 - Wi-Fi® Protected Access II (WPA2) Vulnerabilities

Recent studies have shown that the WPA2 (Wi-Fi® Protected Access II) protocol, which is a widely used Wi-Fi security mechanism, is vulnerable to a Key Reinstallation attack (KRACK). This vulnerability is in the standard definition and not in a specific implementation.

Microchip is committed to providing secure and robust solutions and as such, we are making continuous effort to follow latest industry practices and recommendations.

Information Regarding our Wi-Fi Products

WINC15x0 Family

All WINC1500 and WINC1510 firmware releases starting with version 19.5.4 and beyond include the WPA2/KRACK fix. Please visit the WINC1500 product page for the latest firmware version.

RN171/RN131

New updated firmware with fixes for KRACK can be found on the product pages:

WILC1000/WILC3000 Linux®

As the vulnerabilities are related to the WPA2 protocol which is implemented on the Linux Host WPA Supplicant – We highly encourage our customers to identify the needed patches for WPA Supplicant.

The WILC1000/WILC3000 firmware doesn’t implement any part of the WPA2 handshake or protocol.

RN1723

New updated firmware with fixes for KRACK can be found on the product page:

RN1723 Product Page

MRF24Wx0MA/MB

For the latest firmware with fixes for KRACK, please order using the part numbers below:

MRF24WG0MA-I/RM110
MRF24WG0MB-I/RM110
MRF24WG0MBT-I/RM110

RN1810

Affected - No fix available

Vulnerability Potential Impact

An attacker within range of an affected access point (AP) and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.

Detailed information about these vulnerabilities can be found here:

CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
CVE-2017-13078: reinstallation of the group key in the Four-way handshake
CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake
CVE-2017-13080: reinstallation of the group key in the Group Key handshake
CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake
CVE-2017-13082: accepting a retransmitted Fast BSS Transition Re-association Request and reinstalling the pairwise key while processing it
CVE-2017-13084: reinstallation of the STK key in the Peer-Key handshake
CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer-Key (TPK) key in the TDLS handshake
CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame

Reference Documentation

CERT Vulnerability Notes Database: VU#228519