Fragment and Forge Vulnerabilities (FragAttacks) Statement

05-17-2021

For additional information, see: https://www.wi-fi.org/security-update-fragmentation

TP-Link is aware that researchers have disclosed a set of Wi-Fi vulnerabilities named FragAttacks.

As soon as we became aware of the details, we immediately launched an investigation. As the investigation progresses, TP-Link will update this advisory with information about affected products.

According to the investigation, the following conditions are required to exploit the wireless vulnerability:

  1. Someone knows your Wi-Fi password and connects to your Wi-Fi network.
  2. Someone intercepts communication between your router and the devices on your Wi-Fi.
  3. To obtain private information, an attacker would need to trick a user on the network into visiting the attacker's server (phishing email, malicious ads, etc.).

Workarounds

  1. Set a strong Wi-Fi password and change it regularly. Be careful not to share your Wi-Fi password.
  2. Periodically check the devices connected to your network. If you see any unknown devices, block them and change your Wi-Fi password.
  3. We recommend that you use the HTTPS protocol to access websites. Don't click on emails from unknown senders or visit suspicious websites.

Affected

TP-Link will update this advisory as new information emerges.

SOHO Router

| Model number | Date | Fixed in Firmware Version |
|---|---|---|
| Archer AX90(US)_V1.0 | 2021/04/29 | Archer AX90(US)_V1_210312 |
| Archer AX90(EU)_V1.0 | 2021/04/29 | Archer AX90(EU)_V1_210312 |
| Archer AX10(EU)_V1.0 | 2021/05/14 | Archer AX10(EU)_V1_210420 |
| Archer AX10(US)_V1.0 | 2021/05/14 | Archer AX10(US)_V1_210420 |
| Archer AX10(US)_V1.2 | 2021/05/14 | Archer AX10(US)_V1.2_210421 |
| Archer AX20(EU)_V1.0 | 2021/05/17 | Archer AX20(EU)_V1.0_210514 |
| Archer AX20(US)_V1.0 | 2021/05/17 | Archer AX20(US)_V1.0_210514 |
| Archer AX20(US)_V1.2 | 2021/05/17 | Archer AX20(US)_V1.2_210514 |
| Archer AX20(EU)_V2.0 | 2021/05/17 | Archer AX20(EU)_V2.0_210514 |
| Archer AX20(US)_V2.0 | 2021/05/17 | Archer AX20(US)_V2.0_210514 |
| Archer AX1500(EU)_V1.0 | 2021/05/17 | Archer AX1500(EU)_V1.0_210514 |
| Archer AX1500(US)_V1.0 | 2021/05/17 | Archer AX1500(US)_V1.0_210514 |
| Archer AX1500(US)_V1.2 | 2021/05/17 | Archer AX1500(US)_V1.2_210514 |

Range Extender

| Model number | Date | Fixed in Firmware Version |
|---|---|---|
| RE505X_V1 | 2021/05/17 | RE505X_V1_210514 |
| RE603X_V1 | 2021/05/17 | RE603X_V1_210514 |
| RE605X_V1 | 2021/05/17 | RE605X_V1_210514 |

Deco

| Model number | Date | Fixed in Firmware Version |
|---|---|---|
| Deco X90_V1 | 2021/05/17 | Deco X90_V1_20210514 |
| Deco X68_V1 | 2021/05/17 | Deco X68_V1_20210514 |

Omada EAP

| Model number | Date | Fixed in Firmware Version |
|---|---|---|
| EAP245(EU)_V3 | 2021/11/4 | EAP245(EU)_V3_5.0.4 Build 20211021 |
| EAP245(US)_V3 | 2021/11/4 | EAP245(US)_V3_5.0.4 Build 20211021 |

Revision History

2021-05-14 Published advisory

Disclaimer

FragAttacks vulnerabilities will remain if you do not take all recommended actions. TP-Link cannot bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.