Fragattack vulnerability
CVE:
CVE-2020-24586, CVE-2020-24587, CVE-CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26142, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147
Publication Date:
2021-May-11
Severity:
Medium
Reference:
Status:
Confirmed
Overview
Twelve new vulnerabilities collectively known as FragAttacks (fragmentation and aggregation attacks) that could affect devices with Wi-Fi capabilities were publicly disclosed on 11 May 2021. Successful exploitation of each one of these vulnerabilities can result in sensitive data disclosure and possibly traffic manipulation. Refer to Wi-Fi Alliance announcement at Wi-Fi Alliance® security update – May 11, 2021 | Wi-Fi Alliance.
Details
Vulnerabilities in the implementation of the IEEE 802.11 standard have been uncovered. These vulnerabilities allow an attacker to inject malicious frames in a legitimate Wi-Fi connection, regardless of the type of wireless encryption used. Successful exploitation of these vulnerabilities result in exfiltration of sensitive data or, in conjunction with other known attacks, allows for traffic manipulation. Note that these vulnerabilities might also affect wireless client devices. Non-EnGenius devices may also have fixes for these vulnerabilities. Please check with your non-EnGenius device vendor for additional details.
Affected Products
All EnGenius Access Points.
Resolution
Recommended action to completely fix the vulnerabilities is to patch both ends of your wireless network, i.e. both the AP and Client.
EnGenius is investigating its Indoor / Outdoor Wireless product line to determine the affected AP products and formulate resolution patches accordingly. Refer to the table below for resolution release details. As the investigation progresses, EnGenius will continuously update this advisory as more information becomes available.
ECW Series
ECW115
1.3.35
12 July 2021
Released
ECW120
1.3.35
12 July 2021
Released
ECW160
1.3.35
12 July 2021
Released
ECW220v2
1.5.42
Q4 2021
In progress
ECW230 / ECW230v2 / ECW230v3
1.5.42
Q4 2021
In progress
ECW260
1.5.42
Q4 2021
In progress
EWS Series
EWS330AP
3.9.1
Q3 2021
Released
EWS355AP
3.9.1
Q3 2021
Released
EWS357AP / EWS357APv2
3.9.1
26 July 2021
Released
EWS357APv3
3.9.1
26 July 2021
Released
EWS360AP
3.6.20
Q4 2021
Released
EWS377AP / EWS377APv2
3.9.1
26 July 2021
Released
EWS377APv3
3.9.1
26 July 2021
Released
EWS385AP
3.7.21
Q3 2021
Released
EWS660AP
3.6.20
Q3 2021
Released
EWS850AP
3.9.1
26 July 2021
Released
EWS860AP
3.6.20
Q3 2021
Released
EAP Series
EAP1250
3.9.1
Q3 2021
Released
EAP1300 / EAP1300EXT / EnHero5
3.9.1
Q3 2021
Released
EAP2200
3.7.21
Q3 2021
Released
ENS/ENH Series
ENS610EXT
3.9.1
Q3 2021
Released
ENS620EXT
3.9.1
Q3 2021
Released
ENH1350EXT
3.9.1
Q3 2021
Released
ENH1750EXT
3.6.20
Q3 2021
Released
ENH500v3 / EnStationAC v2 / EnStation 5ACv2 / ENS500AC v2 / ENS500ACext v2
3.7.20
Q3 2021
Released
Last updated