Fragment and Forge vulnerabilities(FragAttacks) Statement
For additional information, see: https://www.wi-fi.org/security-update-fragmentation
TP-Link is aware that researchers have disclosed a set of vulnerabilities about Wi-Fi named FragAttacks.
As soon as we became aware of the details, we immediately launched an investigation. As the investigation progresses, TP-Link will update this advisory with information about affected products.
According to the investigation, the following conditions are required to exploit the wireless vulnerability:
- Someone knows your Wi-Fi password and connects to your Wi-Fi network
- Someone needs to intercept communication between your router and devices on your Wi-Fi.
- In order to achieve the purpose of obtaining private information, an attacker would need to trick a user on the network to visit the attacker's server (Phishing Email, malicious ads, etc.).
Workarounds
- Set a strong Wi-Fi password and change it regularly. Being careful not to share your Wi-Fi password.
- Periodically check the devices connected to your network. If you see any unknown device, block these devices and change your Wi-Fi password.
- We recommend that you use HTTPS protocol to access the website. Don't click on emails from unknown recipients or visit suspicious websites.
Affected
TP-Link will update this advisory as new information emerges.
SOHO Router
Model number |
Date |
Fixed in Firmware Version |
Archer AX90(US)_V1.0 |
2021/04/29 |
Archer AX90(US)_V1_210312 |
Archer AX90(EU)_V1.0 |
2021/04/29 |
Archer AX90(EU)_V1_210312 |
Archer AX10(EU)_V1.0 |
2021/05/14 |
Archer AX10(EU)_V1_210420 |
Archer AX10(US)_V1.0 |
2021/05/14 |
Archer AX10(US)_V1_210420 |
Archer AX10(US)_V1.2 |
2021/05/14 |
Archer AX10(US)_V1.2_210421 |
Archer AX20(EU)_V1.0 |
2021/05/17 |
Archer AX20(EU)_V1.0_210514 |
Archer AX20(US)_V1.0 |
2021/05/17 |
Archer AX20(US)_V1.0_210514 |
Archer AX20(US)_V1.2 |
2021/05/17 |
Archer AX20(US)_V1.2_210514 |
Archer AX20(EU)_V2.0 |
2021/05/17 |
Archer AX20(EU)_V2.0_210514 |
Archer AX20(US)_V2.0 |
2021/05/17 |
Archer AX20(US)_V2.0_210514 |
Archer AX1500(EU)_V1.0 |
2021/05/17 |
Archer AX1500(EU)_V1.0_210514 |
Archer AX1500(US)_V1.0 |
2021/05/17 |
Archer AX1500(US)_V1.0_210514 |
Archer AX1500(US)_V1.2 |
2021/05/17 |
Archer AX1500(US)_V1.2_210514 |
Range Extender
Model number |
Date |
Fixed in Firmware Version |
RE505X_V1 |
2021/05/17 |
RE505X_V1_210514 |
RE603X_V1 |
2021/05/17 |
RE603X_V1_210514 |
RE605X_V1 |
2021/05/17 |
RE605X_V1_210514 |
Deco
Model number |
Date |
Fixed in Firmware Version |
Deco X90_V1 |
2021/05/17 |
Deco X90_V1_20210514 |
Deco X68_V1 |
2021/05/17 |
Deco X68_V1_20210514 |
Omada EAP
Model number |
Date |
Fixed in Firmware Version |
EAP245(EU)_V3 |
2021/11/4 |
EAP245(EU)_V3_5.0.4 Build 20211021 |
EAP245(US)_V3 |
2021/11/4 |
EAP245(US)_V3_5.0.4 Build 20211021 |
Revision History
2021-05-14 Published advisory
Disclaimer
FragAttacks vulnerabilities will remain if you do not take all recommended actions. TP-Link cannot bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.