Fragattack vulnerability
CVE: | CVE-2020-24586, CVE-2020-24587, CVE-CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26142, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147 |
Publication Date: | 2021-May-11 |
Severity: | Medium |
Reference: | |
Status: | Confirmed |
Overview
Twelve new vulnerabilities collectively known as FragAttacks (fragmentation and aggregation attacks) that could affect devices with Wi-Fi capabilities were publicly disclosed on 11 May 2021. Successful exploitation of each one of these vulnerabilities can result in sensitive data disclosure and possibly traffic manipulation. Refer to Wi-Fi Alliance announcement at Wi-Fi Alliance® security update – May 11, 2021 | Wi-Fi Alliance.
Details
Vulnerabilities in the implementation of the IEEE 802.11 standard have been uncovered. These vulnerabilities allow an attacker to inject malicious frames in a legitimate Wi-Fi connection, regardless of the type of wireless encryption used. Successful exploitation of these vulnerabilities result in exfiltration of sensitive data or, in conjunction with other known attacks, allows for traffic manipulation. Note that these vulnerabilities might also affect wireless client devices. Non-EnGenius devices may also have fixes for these vulnerabilities. Please check with your non-EnGenius device vendor for additional details.
Affected Products
All EnGenius Access Points.
Resolution
Recommended action to completely fix the vulnerabilities is to patch both ends of your wireless network, i.e. both the AP and Client.
EnGenius is investigating its Indoor / Outdoor Wireless product line to determine the affected AP products and formulate resolution patches accordingly. Refer to the table below for resolution release details. As the investigation progresses, EnGenius will continuously update this advisory as more information becomes available.
ECW Series
| Model | Patch Release | Target Release Date | Status |
|---|---|---|---|
ECW115 | 1.3.35 | 12 July 2021 | Released |
ECW120 | 1.3.35 | 12 July 2021 | Released |
ECW160 | 1.3.35 | 12 July 2021 | Released |
ECW220v2 | 1.5.42 | Q4 2021 | In progress |
ECW230 / ECW230v2 / ECW230v3 | 1.5.42 | Q4 2021 | In progress |
ECW260 | 1.5.42 | Q4 2021 | In progress |
EWS Series
| Model | Patch Release | Target Release Date | Status |
|---|---|---|---|
EWS330AP | 3.9.1 | Q3 2021 | Released |
EWS355AP | 3.9.1 | Q3 2021 | Released |
EWS357AP / EWS357APv2 | 3.9.1 | 26 July 2021 | Released |
EWS357APv3 | 3.9.1 | 26 July 2021 | Released |
EWS360AP | 3.6.20 | Q4 2021 | Released |
EWS377AP / EWS377APv2 | 3.9.1 | 26 July 2021 | Released |
EWS377APv3 | 3.9.1 | 26 July 2021 | Released |
EWS385AP | 3.7.21 | Q3 2021 | Released |
EWS660AP | 3.6.20 | Q3 2021 | Released |
EWS850AP | 3.9.1 | 26 July 2021 | Released |
EWS860AP | 3.6.20 | Q3 2021 | Released |
EAP Series
| Model | Patch Release | Target Release Date | Status |
|---|---|---|---|
EAP1250 | 3.9.1 | Q3 2021 | Released |
EAP1300 / EAP1300EXT / EnHero5 | 3.9.1 | Q3 2021 | Released |
EAP2200 | 3.7.21 | Q3 2021 | Released |
ENS/ENH Series
| Model | Patch Release | Target Release Date | Status |
|---|---|---|---|
ENS610EXT | 3.9.1 | Q3 2021 | Released |
ENS620EXT | 3.9.1 | Q3 2021 | Released |
ENH1350EXT | 3.9.1 | Q3 2021 | Released |
ENH1750EXT | 3.6.20 | Q3 2021 | Released |
ENH500v3 / EnStationAC v2 / EnStation 5ACv2 / ENS500AC v2 / ENS500ACext v2 | 3.7.20 | Q3 2021 | Released |
Last updated