Fragattack vulnerability

CVE:

CVE-2020-24586, CVE-2020-24587, CVE-CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26142, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147

Publication Date:

2021-May-11

Severity:

Medium

Reference:

Status:

Confirmed

Overview

Twelve new vulnerabilities collectively known as FragAttacks (fragmentation and aggregation attacks) that could affect devices with Wi-Fi capabilities were publicly disclosed on 11 May 2021. Successful exploitation of each one of these vulnerabilities can result in sensitive data disclosure and possibly traffic manipulation. Refer to Wi-Fi Alliance announcement at Wi-Fi Alliance® security update – May 11, 2021 | Wi-Fi Alliance.

Details

Vulnerabilities in the implementation of the IEEE 802.11 standard have been uncovered. These vulnerabilities allow an attacker to inject malicious frames in a legitimate Wi-Fi connection, regardless of the type of wireless encryption used. Successful exploitation of these vulnerabilities result in exfiltration of sensitive data or, in conjunction with other known attacks, allows for traffic manipulation. Note that these vulnerabilities might also affect wireless client devices. Non-EnGenius devices may also have fixes for these vulnerabilities. Please check with your non-EnGenius device vendor for additional details.

Affected Products

All EnGenius Access Points.

Resolution

Recommended action to completely fix the vulnerabilities is to patch both ends of your wireless network, i.e. both the AP and Client.

EnGenius is investigating its Indoor / Outdoor Wireless product line to determine the affected AP products and formulate resolution patches accordingly. Refer to the table below for resolution release details. As the investigation progresses, EnGenius will continuously update this advisory as more information becomes available.

ECW Series

Model
Patch Release
Target Release Date
Status

ECW115

1.3.35

12 July 2021

Released

ECW120

1.3.35

12 July 2021

Released

ECW160

1.3.35

12 July 2021

Released

ECW220v2

1.5.42

Q4 2021

In progress

ECW230 / ECW230v2 / ECW230v3

1.5.42

Q4 2021

In progress

ECW260

1.5.42

Q4 2021

In progress

EWS Series

Model
Patch Release
Target Release Date
Status

EWS330AP

3.9.1

Q3 2021

Released

EWS355AP

3.9.1

Q3 2021

Released

EWS357AP / EWS357APv2

3.9.1

26 July 2021

Released

EWS357APv3

3.9.1

26 July 2021

Released

EWS360AP

3.6.20

Q4 2021

Released

EWS377AP / EWS377APv2

3.9.1

26 July 2021

Released

EWS377APv3

3.9.1

26 July 2021

Released

EWS385AP

3.7.21

Q3 2021

Released

EWS660AP

3.6.20

Q3 2021

Released

EWS850AP

3.9.1

26 July 2021

Released

EWS860AP

3.6.20

Q3 2021

Released

EAP Series

Model
Patch Release
Target Release Date
Status

EAP1250

3.9.1

Q3 2021

Released

EAP1300 / EAP1300EXT / EnHero5

3.9.1

Q3 2021

Released

EAP2200

3.7.21

Q3 2021

Released

ENS/ENH Series

Model
Patch Release
Target Release Date
Status

ENS610EXT

3.9.1

Q3 2021

Released

ENS620EXT

3.9.1

Q3 2021

Released

ENH1350EXT

3.9.1

Q3 2021

Released

ENH1750EXT

3.6.20

Q3 2021

Released

ENH500v3 / EnStationAC v2 / EnStation 5ACv2 / ENS500AC v2 / ENS500ACext v2

3.7.20

Q3 2021

Released

Last updated