A WiFi vulnerability has been published that affects WPA and WPA2 authentication. An attacker within range of a WiFi access point can intercept data sent between a WiFi client and an Access Point using a Key Reinstallation Attack (named KRACK by its authors).
Cradlepoint is incorporating a patch that addresses this vulnerability and expects to release NetCloud OS 6.4.2 on Tuesday, October 31, 2017.
What is it?
The Key Reinstallation Attack was published earlier this week by Belgian researchers. It allows attackers within range of a WiFi access point to monitor data sent between a WiFi client and an Access Point.
Our analysis of this exploit is that Cradlepoint router AP functionality is not at risk, but WiFi-as-WAN and WiFi Client functionality is at risk. Together with our wireless driver vendors and WiFi authentication services, we are updating our routers to mitigate this issue.
For more information, please see
The related CVEs are:
| CVE | Description |
|---|---|
| CVE-2017-13077 | Reinstallation of the pairwise key in the Four-way handshake |
| CVE-2017-13078 | Reinstallation of the group key in the Four-way handshake |
| CVE-2017-13079 | Reinstallation of the integrity group key in the Four-way handshake |
| CVE-2017-13080 | Reinstallation of the group key in the Group Key handshake |
| CVE-2017-13081 | Reinstallation of the integrity group key in the Group Key handshake |
| CVE-2017-13082 | Accepting a retransmitted FT Reassociation Request and reinstalling the pairwise key while processing it |
| CVE-2017-13084 | Reinstallation of the STK key in the PeerKey handshake |
| CVE-2017-13086 | Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake |
| CVE-2017-13087 | Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame |
| CVE-2017-13088 | Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame |
What Cradlepoint devices are affected?
All currently supported products that support WiFi are affected.
Please note the CBA850 and other products with no Wi-Fi are not affected.
Mitigation Steps: what actions do I take?
- If you do not use WiFi-as-WAN or Wi-Fi Client functionality, no action is necessary. However, we suggest you update to the 6.4.2 release when it is
- If you use WiFi-as-WAN or Wi-Fi Client functionality, ensure that your attached clients use VPN or HTTPS connections to encrypt their
Upgrading to New Firmware
At Cradlepoint, protecting your network is our first priority.
To upgrade your firmware:
- For instructions on upgrading firmware using NetCloud Manager, click here.
- For instructions on upgrading firmware using the Automatic Update capability in the router user interface, click here.
- If you want to download new firmware and manually update using the router user interface, click here.
For more information, contact your USAT Corp Representative by visiting here.