Buffalo Forums

: KRACK WPA2 Vulnerability - are firmware updates available?
: uhClem October 16, 2017, 09:33:49 AM
I read this morning of the KRACK vulnerability which seems to exist in just about every WPA2 device.  Presumably, I need to update my router.  I see no mention of this here or on BuffaloTech.com main pages.  What is Buffalo doing about this problem?

Discoverer of vulnerability's web page on it:
https://www.krackattacks.com/

DD-WRT forums thread (no action yet?)
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=311679&highlight=krack+wpa2

It is not clear to me if this is mostly a router or mostly a client problem or if the exploit works equally against both.  Make sure you are using secure protocols over WI-FI.  (HTTPS, e-mail over SSL encrypted protocols, etc.)

Note to Android 6 users:  The version is particularly vulnerable because the exploit can cause it to use a key of all zeros!
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: buffalo_user_lol October 16, 2017, 09:46:57 AM
Came here looking for this also. For more info:

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

This is a big deal, Buffalo needs to get on this. Everybody needs to get on this.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: csgreenknight October 16, 2017, 11:15:11 AM
Looking for an update as well.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: xenophore October 16, 2017, 03:09:02 PM
Here's a list of companies that have already supplied fixes: https://char.gd/blog/2017/wifi-has-been-broken-heres-the-companies-that-have-already-fixed-it

Buffalo is conspicuously absent.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: ProFromGrover October 16, 2017, 05:26:33 PM
I'm also very interested in updates to address KRACK. DD-WRT patches have been developed, but they must be rolled into the firmware and distributed ASAP.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: kjhambrick October 18, 2017, 05:55:11 AM
I also need an update for my WZR-D1800H Ver.1.99

Any Input from the Buffalo Folks ?

Thanks.

-- kjh

: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: gijoecam October 18, 2017, 09:27:17 PM
Add me to the list of people wondering about a firmware update for this issue...
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: ProFromGrover October 19, 2017, 10:19:49 AM
I just found this in the warranty information for DD-WRT routers on the Buffalo website.

Open Source DD-WRT Routers are factory pre-loaded with the open source operating system, DD-WRT. All development, firmware updates, technical and configuration support will be provided by DD-WRT and the DD-WRT community. Buffalo Americas provides a limited hardware warranty that covers malfunctioning hardware. Hardware warranty support is available for 90 days from purchase via phone or via email for the entirety of the warranty period.

It looks like we're all on our own.  I don't think Buffalo is going to help. This is one of the reasons I bought the Buffalo routers and recommended them to customers, but that policy just changed for me.

Go to this page: http://dd-wrt.com/wiki/index.php/Supported_Devices#Buffalo
Find your model, then in the column on the far right side click the notes or installer version.
After that you're on your own.  I've done this before and it has always worked, but the instructions can be a little bizarre at times.

While researching, my question was will doing this actually address the KRACK vulnerability? So I'm passing along the next thing I found, the betas that have been released for DD-WRT, hopefully for your model. Anything after 10/10/2017 should have addressed this.
ftp://ftp.dd-wrt.com/betas/2017/

I would flash to the latest standard DD-WRT on the first page linked, then apply the beta patches.  But that's just me.

Good luck.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: ProFromGrover October 19, 2017, 01:54:44 PM
This is my last post on this subject I think.  :-)

FOR WHAT IT'S WORTH this is what I did. I went to the beta link that I posted above ftp://ftp.dd-wrt.com/betas/2017/

I downloaded the file named wzr-hp-ag300h-dd-wrt-webupgrade-MULTI.bin since that's the model I have.

I opened the admin | firmware page on my router.  I made a backup of the current settings.  I selected the file and clicked the Upgrade button.  It took 300 seconds, then rebooted and voila!

This is not to say these steps will work for you, but they worked for me.  I think most of the instructions on the DD-WRT Wiki are more of a reaction to worst-case scenarios or one-off situations.  Not to say that if you do the same thing I did it won't brick your router, which is always a possibility, so be ready in case that happens.  I went in with my eyes open, you'd better do the same.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: ACGarland October 19, 2017, 05:46:51 PM
Hello ProFromGrover,

Just a short note to say "thank you" for the links to the detailed information regarding applying updates from dd-wrt.com .  I read some of the precautionary warnings and I must say, it's a wonder anybody risks doing an upgrade--the number and seriousness of the warnings is pretty overwhelming. (And I'm an electrical engineer working in firmware/software for multiple decades.) 

I found your second report a great deal more encouraging!

Unfortunately, the router database page for my model (WHR-HP-G54) shows a latest stable build dated 2017-09-07 and I couldn't find any betas listed for that model.

So I guess I'll have to wait to see if anything newer than 2017-09-07 gets posted--or a beta added for the WHR-HP-G54.

My present firmware version is pretty ancient (model  WHR-HP-G54 Ver.1.40 (1.0.37-1.08-1.04)) so I definitely need to get with it and update mine--I'm still using WEP (although with MAC filtering) :-P  But if the update is risky/complex, I'd rather wait and do it once.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: retry October 20, 2017, 01:26:24 AM
I just want to help everybody out that wants a fix for this.  Yes, you need to go to dd wrt's community site to get new firmware.  First off, the website is completely out of date.  You want to go to the forums to look for the newest information.  Unfortunately it's just a complete mess to get that information.  But the firmware is reasonably well organized.  You just have to know where to look.  So here is where you go:

ftp://ftp.dd-wrt.com/betas/

Then drill down to the latest builds:

ftp://ftp.dd-wrt.com/betas/2017/10-17-2017-r33525/

This is the ONLY rev with the KRACK patch.  Find your router model.  For example, I own 2 WZR-600DHP's :
ftp://ftp.dd-wrt.com/betas/2017/10-17-2017-r33525/buffalo_wzr-600dhp/

In that dir, you will see TWO binaries. If you're here, you probably still have buffalo firmware installed.  So you'll want this one:
buffalo_to_ddwrt_webflash-MULTI.bin

The other one is what you will use after you've converted to the community builds (i.e when you flash future revisions).

You can try to upgrade via the web interface if you have buffalo branded DD-WRT.  I highly recommend you backup your config, take screenshots of settings too, and reset the config when you flash.  Don't be surprised if the flash takes 10 minutes.  Also don't be surprised if it fails.  I could never get a web upgrade to work right. 

In which case you have to use tftp, which is technically more complicated than the web based upgrade. Different routers have different tftp guides.  I will explain the procedure for a WZR-600DHP which should cover fundamentals, but settings will be different for different hardware (i.e. IP addr to set, MAC addr to set, etc.)

This is going to be super confusing to novices, but what you want to do is unplug your router from the internet and pull the plug. Get an ethernet cable and attach it from your PC to a LAN port on the router (NOT the WAN port).  You will then set your PC's ethernet device to 192.168.11.2 with a 255.255.255.0 subnet mask (gateway can stay blank).  Then you will open a command prompt.

Then type the following command:

netsh interface ip add neighbors "Local Area Connection" 192.168.11.1 02-AA-BB-CC-DD-20

Again, the IP address and MAC address are what the WZR-600DHP wants.  Other routers will expect different things. You'll have to do your own research on that.

Now cd to whatever dir you saved the firmware binary in.  If you saved to your Desktop, then cd Desktop should take you there.  Now you will type (but do not press enter yet):

tftp -i 192.168.11.1 PUT <firmware file>

e.g.:
tftp -i 192.168.11.1 PUT buffalo_to_ddwrt_webflash-MULTI.bin

So that command is waiting to launch (you didn't press enter right?).  Now open a second command prompt.  Type the following command:
arp -a

You will see some IP addresses and MAC addresses in a list (or maybe nothing at all).  Just be ready to type that command over and over in a moment.

Now plug the router back in.  It will power up, and the TFTP window will open in around 10 seconds and last for 4 seconds.  While it's powering up, go back to the window with the arp -a command and just repeatedly run the command until you see a line for 192.168.11.2 pop up with the MAC address we entered earlier: 02-AA-BB-CC-DD-20

When you see it, switch to the window with the tftp command line ready to go and press enter.  Wait for the transfer to complete.  You may have to disable your firewall if it doesn't work.  If you miss the window, or the transfer fails or times out,  power off the router and start over at the tftp line above.

If you see the result that the transfer was successful, then just be patient.  Give the router 10 minutes to flash and restart.  If all goes well you can change your ethernet adapter back to dynamic assignment and connect to your router via the web gui at http://192.168.1.1 .

Good luck.  I won't be monitoring this forum or offering any help.  Be prepared to waste hours if you brick your router.  If you have another way of connecting to the internet during all this, great.  If not make sure you've got all the documentation, firmware, etc. you need before you knock yourself offline. 

If you're smart like me (haha), you own two identical wifi routers and you rotate which is the slave (repeater) and which is the master (router) with every firmware upgrade, always upgrading the slave first, then promoting it to the master.  This way you never end up offline in case things go totally south (yes I've been in a bricked state for days before -- live and learn).

The WZR-600DHP is a fine router.  I've been happy with them.
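
As an added illustration of the TFTP steps in the post above (not part of the original post, and not DD-WRT or Buffalo code), this Python client sends the same binary-mode write request as tftp -i ... PUT and repeats it until the bootloader answers, so the short window does not have to be caught by hand. It assumes the bootloader speaks standard RFC 1350 TFTP; 192.168.11.1 is the WZR-600DHP address from the post, and the static IP and neighbor entry described there must already be set.

```python
import os
import socket
import struct
import sys
import time

OP_WRQ, OP_DATA, OP_ACK, OP_ERROR = 2, 3, 4, 5
BLOCK = 512  # fixed TFTP block size (RFC 1350)


class TftpError(Exception):
    """The server refused the transfer or stopped answering."""


def build_wrq(filename):
    # Binary ("octet") write request, the mode `tftp -i ... PUT` selects.
    return struct.pack("!H", OP_WRQ) + filename.encode("ascii") + b"\0octet\0"


def split_blocks(image):
    # A block shorter than 512 bytes (possibly empty) marks the end of the file.
    blocks = [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]
    if not blocks or len(blocks[-1]) == BLOCK:
        blocks.append(b"")
    return blocks


def wait_ack(sock, block, host, port=None):
    # Return the sender's address once ACK(block) arrives from the router.
    while True:
        pkt, addr = sock.recvfrom(2048)  # socket.timeout if nothing answers
        if addr[0] != host or (port is not None and addr[1] != port):
            continue  # not the router, or not the port it answered from
        if len(pkt) < 4:
            continue
        opcode, number = struct.unpack("!HH", pkt[:4])
        if opcode == OP_ERROR:
            raise TftpError(pkt[4:].rstrip(b"\0").decode("ascii", "replace"))
        if opcode == OP_ACK and number == block:
            return addr


def tftp_put(sock, server, filename, image, attempts=120, retries=5, pause=0.25):
    # Repeat the write request until the bootloader's short window opens.
    peer = None
    for _ in range(attempts):
        try:
            sock.sendto(build_wrq(filename), server)
            peer = wait_ack(sock, 0, server[0])
            break
        except OSError:  # timeout, or link still down while the router boots
            time.sleep(pause)
    if peer is None:
        raise TftpError("write request never answered; power-cycle and retry")
    for number, payload in enumerate(split_blocks(image), start=1):
        pkt = struct.pack("!HH", OP_DATA, number & 0xFFFF) + payload
        for _ in range(retries):
            sock.sendto(pkt, peer)
            try:
                wait_ack(sock, number & 0xFFFF, peer[0], peer[1])
                break
            except socket.timeout:
                continue
        else:
            raise TftpError("block %d was never acknowledged" % number)
    return number  # count of DATA blocks sent


if __name__ == "__main__":
    path = sys.argv[1]  # e.g. buffalo_to_ddwrt_webflash-MULTI.bin
    with open(path, "rb") as fh:
        firmware = fh.read()
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.settimeout(1.0)
    sent = tftp_put(udp, ("192.168.11.1", 69), os.path.basename(path), firmware)
    print("sent %d blocks; leave the router alone while it flashes" % sent)
```

Start it with the firmware file as its only argument before plugging the router back in; it keeps asking for up to about two and a half minutes.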
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: Texturtle October 20, 2017, 08:51:32 AM
Please see the above post: http://forums.buffalotech.com/index.php?topic=24721.0
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: hmrct October 20, 2017, 01:08:24 PM
Glad to see Buffalo is *probably* going to issue a DD-WRT Professional firmware upgrade for the WZR-600DHP.  There are a number of reasons you might want to wait for the pro upgrade instead of replacing it with a community firmware upgrade.  In particular, there are two router features supported by the pro firmware that are not supported by the community firmware (don't have the list in front of me, but the DD-WRT wiki section for the WZR-600DHP is helpful in that regard): most of us probably don't use those features, but I hate giving up capabilities even if I'd never use them.

You also lose the Buffalo branding seen on the web-based administration pages (not necessarily an issue -- pointed reminder you're running a community firmware load instead of the pro firmware), and the ability to configure certain features via the web interface, i.e., you'll have to get familiar with the command-line interface.  I'd like to think that's not an issue for people who value having DD-WRT as an option, but I'm all about not violating the principle of least astonishment when it comes to upgrades.

One last observation...  As another poster mentioned, if you read through the instructions for flashing the community firmware and are paying attention, you will probably come away from the effort with the distinct impression your odds of success are essentially nil.  Logic says that has to be b.s. or people couldn't be enticed to try the community firmware loads.  HOWEVER, the advice to have a backup router available is a great idea.  Get the backup flashed and configured the way you want it, then swap it out with your current primary.  Minimal downtime, and you don't accidentally saw off the tree limb upon which you're sitting.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: ACGarland October 20, 2017, 03:46:44 PM
I concur: the number of dire warnings and "details" that one is expected to navigate on the dd-wrt.com website in order to update one's router seems over-the-top.  Many (most?) who might consider doing so will conclude it's too risky or will require a ton of time.  Representing the upgrade process as something where people have to master all the intricacies of dozens of warnings and potential problems is simply not workable.  Most folks don't have the time, nor the expertise, to devote hours and hours to updating their firmware.

This has always been the Achilles heel of open source: some WONDERFUL apps and mind-blowing utilities (e.g., git), but sorting through the mountain of stale may-or-may-not-apply-in-your-case "documentation" to figure out what YOU need to do can almost make some packages unusable.  Aspects of the dd-wrt.com website seem that way.

In my case, I need to upgrade/update a Buffalo WHR-HP-G54 (two, purchased in 2007 and 2010) and have no idea whether they are considered so old that neither Buffalo nor dd-wrt.com will eventually have updates that deal with the KRACK WPA2 vulnerability for that particular platform.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: retry October 21, 2017, 01:29:07 PM
Yes flashing router firmware is not the same thing as a software update. IMO it's a travesty of the hardware community that they don't maintain the software that runs their equipment.  Buffalo does show support for *some* of its older hardware, and that is laudable.  This is why I've been a loyal buffalo customer through 3 generations of router purchases (802.11g, 802.11n, dual-band 802.11n/ac).  That and the fact that when they do cut off support, their routers take DD-WRT already without having to go through extra steps like unlocking a bootloader.

I'll use a car analogy.  Some people can barely pump their own gas.  Some people can change their oil/swap their tires/replace spark plugs.  Some people can repair engine problems. Some people can completely mod a car. 

The point is, if you're not a technical computer user, if the command line frightens and confuses you, then do not attempt a TFTP upgrade.  It also means *if* you brick your router through the web gui, you cannot recover.  Honestly, it's just about following a series of steps without rushing through it and skipping something important.  Remember when we were kids in school and we got that assignment to read ALL the instructions carefully before you begin?  Then the last instruction is to disregard all the instructions and merely sign your name at the top? Did you pass that quiz? If not, then you will probably fail.

I've flashed every router I've ever owned.  I have bricked routers, screamed, punched things, etc, but I always ended up triumphant.  This is the nature of ALL engineering and technical work.

I am unaware of any features in the Buffalo branded dd-wrt firmware that aren't in the community builds.  The community builds have moved on so much and added features.  My wifi is infinitely more stable on this latest community build than it was on the last buffalo build. 

BTW, the dnsmasq vulnerability was never patched by buffalo either.
http://www.itsecdb.com/oval/definition/oval/com.redhat.rhsa/def/20172836/RHSA-2017-2836-dnsmasq-security-update-Critical-.html

If you *are* still using the buffalo firmware, you ought to disable dnsmasq.

The fact of the matter is, no hardware vendor is really doing a good enough job keeping their products up to date and safe.  Sure Buffalo is better than most of the other router vendors, but that's not really saying much.  A router is just a purpose specific server.  Servers get software updates AS THEY ARE needed.  If you run linux systems, security patches can come at any time, and are almost always painless to install. 

Phones are a great example of a purpose specific computer that is actually nothing more than a server (always on/always connected to the internet with at least one exposed service) but almost never get timely updates.  There is only one way I know to remedy that: own an android phone and install LineageOS or some other community driven project based on AOSP.  I flash a new ROM onto my phone weekly in a few minutes.  It is painless and effective.

In my experience with DD-WRT, they rely on the community to QA builds, so a new revision can be really buggy and unstable.  I only flash when something serious comes along like KRACK or the dnsmasq flaws.  It takes effort to pay attention to what is happening with software. But you know what? You ALL rely on this technology everyday for very important things.  You SHOULD be paying attention.  Or you can be like the ignorant masses and have your equipment become part of some 100000 unit strong botnet, causing DDOSes and ransomware.  Consider it civic duty if you will.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: retry October 21, 2017, 01:44:56 PM
In my case, I need to upgrade/update a Buffalo WHR-HP-G54 (two, purchased in 2007 and 2010) and have no idea whether they are considered so old that neither Buffalo nor dd-wrt.com will eventually have updates that deal with the KRACK WPA2 vulnerability for that particular platform.

Dude I got rid of my WHR-HP-G54 like 5 years ago.  They are paperweights.  You haven't been safe running those in a very long time. KRACK is just the latest software flaw needing patching.  You haven't been paying any attention and NOW expect firmware updates on 802.11g technology? Come on.  You can't expect support for a device that isn't even physically up to snuff with modern standards.  That's like owning a 32 bit computer and being angry that only 64 bit builds are getting made now.

That thing was a great router in its day, but it only has 16MB of RAM and 4MB of storage.  That's not even close to capable of running modern firmware.  Even a minimal openwrt build with squashfs needs more than 4MB!

As for the complete mess of the dd-wrt website, no joke, it's pretty bad.  But basically two guys (kong and brainslayer) are doing ALL this work for free for the rest of us. Besides, I already showed you where to go: FTP site for the latest builds, forums for the latest news. The cruft sucks, but it's easily ignored.

Check this out: a new build released yesterday includes an EAPOL kill switch to protect unpatched clients on your LAN:
http://dd-wrt.com/phpBB2/viewtopic.php?t=311799

So now community dd-wrt protects the router itself (e.g. if it's a client bridge) and all your attached devices.  Will Buffalo have this in theirs?
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: ACGarland October 21, 2017, 03:51:13 PM
Honestly, it's just about following a series of steps without rushing through it and skipping something important.  Remember when we were kids in school and we got that assignment to read ALL the instructions carefully before you begin?  Then the last instruction is to disregard all the instructions and merely sign your name at the top? Did you pass that quiz? If not, then you will probably fail.

Yes, except in the case of dd-wrt.com a newbie can't even really find which set of conflicting instructions are really (no, REALLY) the current ones--and which other distractors can be safely ignored.  I recall seeing one write-up that said, essentially, "ignore other instructions cuz THIS is the one" and then other forum posts which said THAT one wasn't up-to-date or was overly complex.

Just to say that even if you have a technical background and are used to doing this sort of stuff, the dd-wrt.com labyrinth is especially frustrating.  IMHO, this tends to be how open-source stuff trends unless a significant effort is put into going back and getting rid of stale info.  But with a community-owned effort, there is seldom the payback or focus to do so--and things get increasingly snarly with time.

I'm thankful for dd-wrt.com, but just mentioning that the history of documentation there exacerbates an already challenging problem.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: ACGarland October 21, 2017, 03:55:51 PM
Dude I got rid of my WHR-HP-G54 like 5 years ago.  They are paperweights.  You haven't been safe running those in a very long time. KRACK is just the latest software flaw needing patching.  You haven't been paying any attention and NOW expect firmware updates on 802.11g technology? Come on.  You can't expect support for a device that isn't even physically up to snuff with modern standards.  That's like owning a 32 bit computer and being angry that only 64 bit builds are getting made now.

Just for the record: 1) I don't expect firmware updates for my old devices--just wanting to know if there might be one; and 2) I'm not angry with anyone--in case your analogy suggested I might be. :-)

Thanks for your observations and advice.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: retry October 21, 2017, 05:25:41 PM
Timestamps are your friend.  The same problem exists all over the internet. Don't just blame open source for it.  10 years ago, you could do a search on any topic and find relevant info.  Nowadays you search for XYZ 2017 to avoid that same 10 year old stuff.  I'm always looking up data charts on any number of topics (economics, crime, social topics, etc.) and finding data from 2008 or something. 

For the case of your ancient G routers, it's time to buy new hardware and recycle those ones properly.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: hmrct October 24, 2017, 10:51:38 AM
I think "retry" was either a televangelist or late-night TV product pitchman in a former life :-).

Earlier comment I made about missing features in the community load was based on some of that ancient documentation other posters have complained about.  Doesn't seem to apply based on what I've seen of either of the two October beta firmware loads for the WZR-600DHP.

Speaking of which, all the anxiety about trying the community firmware was for naught.  Installing the upgrades was among the most boring (*exactly* the way I like it) firmware flashing experiences I've had over many years of doing this.  Two points about the WZR-600DHP specifically I think may be worth noting:

(1) DD-WRT says the -600DHP is an updated version of -HP-AT300H having the exact same FCC ID number.  Following an upgrade to one of the community loads, the router self-identifies as a WZR-HP-AT300H.  I didn't notice if this was the case while running the Buffalo DD-WRT firmware load.

(2) The web upgrade procedure simply works -- no drama whatsoever.  DO note the router's default IP address changes from 192.168.11.1 to 192.168.1.1 when switching from Buffalo DD-WRT firmware to the community DD-WRT firmware.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: oldunixguy October 25, 2017, 12:01:07 AM
I use a WZR-600DHP and now that the Krack vulnerability has been reported I expect someone at Buffalo Tech to put up a fix for the DD-WRT Professional delivered by Buffalo Tech.

I don't want to go to DD-WRT and install any generic variant.

regards
oldunixguy
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: taco.tuesday November 09, 2017, 04:55:37 PM
I am also looking for an update from Buffalo Technology. What is the status of firmware updates for the KRACK vulnerability?? Other router manufacturers have released firmware updates to patch this vulnerability and DD-WRT has provided patches for some models... so when will Buffalo start releasing their updates? 

I have a WZR-1750DHPD. I would prefer not to go flash my Buffalo router with the DD-WRT website's firmware variant if I can help it.  I'd like my router manufacturer to provide their own update. Hopefully someone from Buffalo Tech support can respond.  As of 11/09/17 there has been no news posted to the forum page at: http://forums.buffalotech.com/index.php?topic=24721.0
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: roachx December 04, 2017, 10:38:17 AM
Have there been any updates to the buffalo DD-WRT builds yet? I use my WZR-600DHP in client mode exclusively so I consider this a required patch and I would prefer to stick with official buffalo DD-WRT.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: roachx March 19, 2018, 08:09:40 PM
What's going on with the KRACK updates? Has it been determined the update is not necessary or something? The KRACK sticky still shows the wzr 600 should receive an update.
: Re: KRACK WPA2 Vulnerability - are firmware updates available?
: taco.tuesday March 26, 2018, 06:12:14 PM
FYI, BuffaloTech finally released a firmware update for my router today (model WZR-1750DHPD, aka "Airstation Extreme AC1750").  So, for anyone reading this who is waiting for a firmware update, you may want to re-check the downloads section to see if your model has an update available.  Better late than never I guess... I was starting to think I would need to replace my router due to Buffalo's lack of firmware support. 

Yes, this firmware update addresses the KRACK WPA2 vulnerability (See the version history below for the release notes included with the latest update).
As always, backup your router config and take note of all your custom settings before attempting a firmware update.


Version History
r30357

Bug Fixes

Fixed the WPA/WPA2's security vulnerabilities.
Fixed the dnsmasq's vulnerabilities(VU#973527).
Fixed the Samba's vulnerabilities(CVE-2017-15275).
The differences between settings from the previous version are listed below.

Removed "Summer Time(DST)" option. To set summer time(DST), configure "country-selection".
Removed "vtysh OSPF BGP RIP router" from the "Advanced Routing" options.
Removed "CIFS Automount" option. Mounting using SSH is still available.
Removed the [Auto-Refresh] button located on [Setup]-[Networking]-[Current Bridging Table].
Removed "Reauthentication Limit" option from "Web Access".
The setting for IPv6 was moved to [Setup]-[IPv6].