WPA2 Security (KRACKs) Vulnerability Statement

1 wpa2 Security (KRACKs) Vulnerability Statement Description: Sitecom Europe is aware of vulnerabilities in the wpa2 Security protocol that affect some Sitecom products. An attacker within wireless range of a Wi-Fi network can exploit these vulnerabilities using key reinstallation attacks (KRACKs). According to the research paper on KRACKs by Mathy Vanhoef that brought this Vulnerability to the attention of vendors, the attack targets the wpa2 handshake and does not exploit (modem)routers and access points, but instead targets clients.

2 All vulnerabilities can be fixed through software updates since the issues are related to implementation flaws. Sitecom has been working to solve this problem and will continue to post software updates at: Products with an Automatic Firmware Update possibility will receive update notifications in the web browser. More information about krack can be found through the link: Note that the following two conditions must exist in order for the krack Vulnerability to be exploited: Physical Proximity: An attack can only happen when an attacker is in physical proximity to and within wireless range of your network.

3 Time Window: An attack can only happen when a client device is connecting or reconnecting to a Wi-Fi network. Unaffected Sitecom products: All Routers and ModemRouters All Access Points All WiFi HomePlug adapters All mobile Wi-Fi products Affected Sitecom products: WiFi Repeaters/Extenders WiFi Adapters WiFi Cameras WiFi Mediaplayers How to protect your devices: Until a software update is available to eliminate the Vulnerability for your product, it is recommended to take the following precautions: Patch the operating system of your smartphones, tablets and computers.

4 For WiFi Adapters: Patch the operating system of your computers. Microsoft has fixed such Security issues as mentioned in Sitecom has been working on affected models and will release firmware updates over the next few weeks on our official support website: Associated CVE identifiers: The following Common Vulnerabilities and Exposures (CVE) identifiers have been assigned to track which products are affected by specific types of key reinstallation attacks: 1. CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake 2.

5 CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake 3. CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake 4. CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake 5. CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake. 6. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it 7. CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake 8.

6 CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake 9. CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame 10. CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Disclaimer: wpa2 vulnerabilities will remain if you do not take all recommended actions. Sitecom Europe will not bear any responsibility for consequences that could have been avoided by following the recommendations in this Statement .

7