Author Topic: KRACK WPA2 Vulnerability - are firmware updates available?  (Read 12248 times)

retry

  • Calf
  • *
  • Posts: 4
Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Reply #15 on: October 21, 2017, 01:44:56 PM »
In my case, I need to upgrade/update a Buffalo WHR-HP-G54 (two, purchased in 2007 and 2010) and have no idea whether they are considered so old that neither Buffalo nor dd-wrt.com will eventually have updates that deal with the KRACK WPA2 vulnerability for that particular platform.

Dude I got rid of my WHR-HP-G54 like 5 years ago.  They are paperweights.  You haven't been safe running those in a very long time. KRACK is just the latest software flaw needing patching.  You haven't been paying any attention and NOW expect firmware updates on 802.11g technology? Come on.  You can't expect support for a device that isn't even physically up to snuff with modern standards.  That's like owning a 32 bit computer and being angry that only 64 bit builds are getting made now.

That thing was a great router in its day, but it only has 16MB of RAM and 4MB of storage.  That's not even close to capable of running modern firmware.  Even a minimal openwrt build with squashfs needs more than 4MB!

As for the complete mess of the dd-wrt website, no joke, it's pretty bad.  But basically two guys (kong and brainslayer) are doing ALL this work for free for the rest of us. Besides, I already showed you where to go: FTP site for the latest builds, forums for the latest news. The cruft sucks, but it's easily ignored.

Check this out: a new build released yesterday includes an EAPOL kill switch to protect unpatched clients on your LAN:
http://dd-wrt.com/phpBB2/viewtopic.php?t=311799

So now community dd-wrt protects the router itself (e.g. if it's a client bridge) and all your attached devices.  Will Buffalo have this in theirs?

ACGarland

  • Calf
  • *
  • Posts: 4
Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Reply #16 on: October 21, 2017, 03:51:13 PM »
Honestly, it's just about following a series of steps without rushing through it and skipping something important.  Remember when we were kids in school and we got that assignment to read ALL the instructions carefully before you begin?  Then the last instruction is to disregard all the instructions and merely sign your name at the top? Did you pass that quiz? If not, then you will probably fail.

Yes, except in the case of dd-wrt.com a newbie can't even really find which set of conflicting instructions are really (no, REALLY) the current ones--and which other distractors can be safely ignored.  I recall seeing one write-up that said, essentially, "ignore other instructions cuz THIS is the one" and then other forum posts which said THAT one wasn't up-to-date or was overly complex.

Just to say that even if you have a technical background and are used to doing this sort of stuff, the dd-wrt.com labyrinth is especially frustrating.  IMHO, this tends to be how open-source stuff trends unless a significant effort is put into going back and getting rid of stale info.  But with a community-owned effort, there is seldom the payback or focus to do so--and things get increasingly snarly with time.

I'm thankful for dd-wrt.com, but just mentioning that the history of documentation there exacerbates an already challenging problem.

ACGarland

  • Calf
  • *
  • Posts: 4
Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Reply #17 on: October 21, 2017, 03:55:51 PM »
Dude I got rid of my WHR-HP-G54 like 5 years ago.  They are paperweights.  You haven't been safe running those in a very long time. KRACK is just the latest software flaw needing patching.  You haven't been paying any attention and NOW expect firmware updates on 802.11g technology? Come on.  You can't expect support for a device that isn't even physically up to snuff with modern standards.  That's like owning a 32 bit computer and being angry that only 64 bit builds are getting made now.

Just for the record: 1) I don't expect firmware updates for my old devices--just wanting to know if there might be one; and 2) I'm not angry with anyone--in case your analogy suggested I might be. :-)

Thanks for your observations and advice.

retry

  • Calf
  • *
  • Posts: 4
Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Reply #18 on: October 21, 2017, 05:25:41 PM »
Timestamps are your friend.  The same problem exists all over the internet. Don't just blame open source for it.  10 years ago, you could do a search on any topic and find relevant info.  Nowadays you search for XYZ 2017 to avoid that same 10 year old stuff.  I'm always looking up data charts on any number of topics (economics, crime, social topics, etc.) and finding data from 2008 or something. 

For the case of your ancient G routers, it's time to buy new hardware and recycle those ones properly.

hmrct

  • Calf
  • *
  • Posts: 2
Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Reply #19 on: October 24, 2017, 10:51:38 AM »
I think "retry" was either a televangelist or late-night TV product pitchman in a former life :-).

Earlier comment I made about missing features in the community load was based on some of that ancient documentation other posters have complained about.  Doesn't seem to apply based on what I've seen of either of the two October beta firmware loads for the WZR-600DHP.

Speaking of which, all the anxiety about trying the community firmware was for naught.  Installing the upgrades was among the most boring (*exactly* the way I like it) firmware flashing experiences I've had over many years of doing this.  Two points about the WZR-600DHP specifically I think may be worth noting:

(1) DD-WRT says the -600DHP is an updated version of -HP-AT300H having the exact same FCC ID number.  Following an upgrade to one of the community loads, the router self-identifies as a WZR-HP-AT300H.  I didn't notice if this was the case while running the Buffalo DD-WRT firmware load.

(2) The web upgrade procedure simply works -- no drama whatsoever.  DO note the router's default IP address changes from 192.168.11.1 to 192.168.1.1 when switching from Buffalo DD-WRT firmware to the community DD-WRT firmware.

oldunixguy

  • Calf
  • *
  • Posts: 3
Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Reply #20 on: October 25, 2017, 12:01:07 AM »
I use a WZR-600DHP and now that the Krack vulnerability has been reported I expect someone at Buffalo Tech to put up a fix for the DD-WRT Professional delivered by Buffalo Tech.

I don't want to go to DD-WRT and install any generic variant.

regards
oldunixguy

taco.tuesday

  • Calf
  • *
  • Posts: 2
Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Reply #21 on: November 09, 2017, 04:55:37 PM »
I am also looking for an update from Buffalo Technology. What is the status of firmware updates for the KRACK vulnerability?? Other router manufacturers have released firmware updates to patch this vulnerability and DD-WRT has provided patches for some models... so when will Buffalo start releasing their updates? 

I have a WZR-1750DHPD. I would prefer not to go flash my Buffalo router with the DD-WRT website's firmware variant if I can help it.  I'd like my router manufacturer to provide their own update. Hopefully someone from Buffalo Tech support can respond.  As of 11/09/17 there has been no news posted to the forum page at: http://forums.buffalotech.com/index.php?topic=24721.0

roachx

  • Calf
  • *
  • Posts: 2
Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Reply #22 on: December 04, 2017, 10:38:17 AM »
Have there been any updates to the buffalo DD-WRT builds yet? I user my WZR-600DHP in client mode exclusively so I consider this a required patch and I would prefer to stick with official buffalo DD-WRT.

roachx

  • Calf
  • *
  • Posts: 2
Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Reply #23 on: March 19, 2018, 08:09:40 PM »
Whats going on with the KRACK updates? Has it been determined the update is not necessary or something. The KRACK sticky still shows the wzr 600 should receive an update.

taco.tuesday

  • Calf
  • *
  • Posts: 2
Re: KRACK WPA2 Vulnerability - are firmware updates available?
« Reply #24 on: March 26, 2018, 06:12:14 PM »
FYI, BuffaloTech finally released a firmware update for my router today (model WZR-1750DHPD, aka "Airstation Extreme AC1750").  So, for anyone reading this who is waiting for a firmware update, you may want to re-check the downloads section to see if your model has an update available.  Better late than never I guess... I was starting to think I would need to replace my router due to Buffalo's lack of firmware support. 

Yes, this firmware update addresses the KRACK WPA2 vulnerability (See the version history below for the release notes included with the latest update).
As always, backup your router config and take note of all your custom settings before attempting a firmware update.


Version History
r30357

Bug Fixes

Fixed the WPA/WPA2's security vulnerabilities.
Fixed the dnsmasq's vulnerabilities(VU#973527).
Fixed the Samba's vulnerabilities(CVE-2017-15275).
The differences between settings from the previous version are listed below.

Removed "Summer Time(DST)" option. To set summer time(DST), configure "country-selection".
Removed "vtysh OSPF BGP RIP router" from the "Advanced Routing" options.
Removed "CIFS Automount" option. Mounting using SSH is still available.
Removed the [Auto-Refresh] button located on [Setup]-[Networking]-[Current Bridging Table].
Removed "Reauthentication Limit" option from "Web Access".
The setting for IPv6 was moved to [Setup]-[IPv6].