Support Announcements
D-Link WiFi Devices :: Latest Response for WiFi "FragAttacks" (fragmentation and aggregation attacks) Vulnerability Disclosure...

Overview

 

On May 11, 2021, D-Link became aware of the public disclosure of "FragAttack", a collection of security vulnerabilities that affect Wi-Fi devices.

 
D-Link has investigated these reported security issues and whether any D-Link brand WiFi products are affected by these vulnerabilities.

 

The Industry Consortium for Advancement of Security on the Internet (ICASI) recently disclosed this collection of security vulnerabilities called FragAttacks (fragmentation and aggregation attacks) affecting Wi-Fi devices. Some vulnerabilities are widespread design flaws in the Wi-Fi standard or widespread programming mistakes in Wi-Fi products. Three of the reported vulnerabilities require additional actions by the attacker and receiver, including a man-in-the-middle attack to intercept the user’s wireless signal. As we investigate, D-Link understands that many of these attacks have dependencies that must be met before they can be attempted, or are difficult to implement in a production environment.

 

The CVSS scores for FragAttacks have been rated as medium severity.
 
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for updates regularly.
 

Report

 

        - FragAttack Public Disclosure Website :: Link

        - https://www.wi-fi.org/security-update-fragmentation
        - https://www.icasi.org/aggregation-fragmentation-attacks-against-wifi/


Details: (Quoted directly from the Disclosure Website) 

 

         An overview of all assigned Common Vulnerabilities and Exposures (CVE) identifiers can be found on GitHub, and there is a list of known advisories from companies. Summarized, the design flaws were assigned the following CVEs:

 

  • CVE-2020-24588: aggregation attack (accepting non-SPP A-MSDU frames).
  • CVE-2020-24587: mixed key attack (reassembling fragments encrypted under different keys).
  • CVE-2020-24586: fragment cache attack (not clearing fragments from memory when (re)connecting to a network).

 

         Implementation vulnerabilities that allow the trivial injection of plaintext frames in a protected Wi-Fi network are assigned the following CVEs:

 

  • CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network).
  • CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network).
  • CVE-2020-26140: Accepting plaintext data frames in a protected network.
  • CVE-2020-26143: Accepting fragmented plaintext data frames in a protected network.

 

        Other implementation flaws are assigned the following CVEs:

 

  • CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
  • CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers.
  • CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
  • CVE-2020-26142: Processing fragmented frames as full frames.
  • CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.
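The reassembly flaws listed above all come down to checks a receiver must make before joining fragments into one frame. The following added example is not code from D-Link or from the disclosure website; it sketches those checks in C, and the `struct frag` layout, the `key_gen` counter and the function name are hypothetical simplifications, not a real driver API.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified record of one received fragment (not a real driver struct). */
struct frag {
    bool     encrypted;  /* frame was protected and decrypted successfully */
    uint32_t key_gen;    /* assumed counter, bumped whenever a new pairwise key is installed */
    uint64_t pn;         /* CCMP/GCMP packet number */
    uint8_t  frag_no;    /* fragment number from the Sequence Control field */
    bool     more_frags; /* More Fragments bit */
};

enum verdict { FRAG_OK, FRAG_PLAINTEXT, FRAG_MIXED_KEY, FRAG_PN_GAP, FRAG_MALFORMED };

/* Decide whether fragments f[0..n-1] of one frame may be reassembled. */
enum verdict check_fragments(const struct frag *f, size_t n, bool protected_net)
{
    if (n == 0)
        return FRAG_MALFORMED;
    for (size_t i = 0; i < n; i++) {
        /* Fragment numbers run 0..n-1 and only the last clears More Fragments. */
        if (f[i].frag_no != i || f[i].more_frags != (i + 1 < n))
            return FRAG_MALFORMED;
        if (!protected_net)
            continue;
        /* CVE-2020-26143 / CVE-2020-26147: no plaintext fragment in a protected network. */
        if (!f[i].encrypted)
            return FRAG_PLAINTEXT;
        /* CVE-2020-24587: every fragment must be decrypted under the same key. */
        if (f[i].key_gen != f[0].key_gen)
            return FRAG_MIXED_KEY;
        /* CVE-2020-26146: packet numbers must be consecutive. */
        if (i > 0 && f[i].pn != f[i - 1].pn + 1)
            return FRAG_PN_GAP;
    }
    return FRAG_OK;
}

int main(void)
{
    /* Constructed sample: second fragment arrives under a newer key. */
    struct frag mixed[] = { {true, 1, 100, 0, true}, {true, 2, 101, 1, false} };
    /* Constructed sample: well-formed two-fragment frame. */
    struct frag good[]  = { {true, 1, 100, 0, true}, {true, 1, 101, 1, false} };
    printf("mixed=%d good=%d\n", check_fragments(mixed, 2, true),
           check_fragments(good, 2, true));
    return 0;
}
```

A receiver that also discards cached fragments whenever it (re)connects or installs a new key addresses the fragment cache case (CVE-2020-24586), which this sketch does not model.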

 

Affected Products

 

 

Category Model HW Region Affected F/W Fixed F/W Recommendation Last Update
Business Access Point DAP-1665 Bx WW 2.06B01 & Older v2.06B01_beta03 Download & Update 09/01/21
Business Access Point DAP-1665 Bx Japan 2.06B01 & Older v2.07JPB01_beta03 Download & Update 09/01/21
Business Access Point DAP-2610 A1 US Under Investigation Pending Pending 09/01/21
Business Access Point DAP-2680 A1 US Under Investigation Pending Pending 08/26/21
Business Nuclias DAP-X2810 A1 US Under Investigation Pending Pending 08/26/21
Business Nuclias DBA-1210P A1 US Under Investigation Pending Pending 08/26/21
Business Nuclias DBA-1510P A1 US Under Investigation Pending Pending 08/26/21
Business Nuclias DBA-1520P A1 US Under Investigation Pending Pending 08/26/21
Business Nuclias DBA-2520P A1 US Under Investigation Pending Pending 08/26/21
Business Nuclias DBA-2620P  A1 US Under Investigation Pending Pending 08/26/21
Business Nuclias DBA-2720P  A1 US Under Investigation Pending Pending 08/26/21
Business Nuclias DBA-2820P A1 US Under Investigation Pending Pending 08/26/21
Business Nuclias DBA-3620P A1 US Under Investigation Pending Pending 08/26/21
Business Nuclias DBA-3621P A1 US Under Investigation Pending Pending 08/26/21
Business Nuclias DBA-X1230P A1 US Under Investigation Pending Pending 08/26/21
Business Nuclias DBA-X2830P A1 US Under Investigation Pending Pending 08/26/21
Business Unified AP DWL-6620APS A1 US v4.7.3.0 & Older v4.7.3.0B103C Download & Update 09/01/21
Business Unified AP DWL-6720AP A1 US Under Investigation Pending Pending 08/26/21
Business Unified AP DWL-7620AP A1 US v4.7.3.0 & Older v4.7.3.0B102C Download & Update 08/26/21
Business Unified AP DWL-7620APS A1 US Under Investigation Pending Pending 08/26/21
Business Unified AP DWL-8620AP A1 US Under Investigation Pending Pending 08/26/21
Business Unified AP DWL-8720AP A1 US Under Investigation Pending Pending 08/26/21
Business Unified AP DWL-X8630AP A1 US v4.7.3.0 & Older v4.7.3.0B102C Download & Update 09/01/21
               
Consumer Adapters DWA-121 B1 US Under Investigation Pending Pending 08/26/21
Consumer Adapters DWA-131 E1 US Win10 v5.12b03 & Older Win10 v5.13b01 Download & Update 08/26/21
Consumer Adapters DWA-131 E1 US Linux 5.6.3.1 & Older Linux 5.11.2.1-18 Download & Update 08/26/21
Consumer Adapters DWA-171 C1 US Win10 3.04B02_Hotfix Win10 v3.04b02_beta Download & Update 08/26/21
Consumer Adapters DWA-172 A1 US Under Investigation Pending Pending 08/26/21
Consumer Adapters DWA-181 A1 US Under Investigation Pending Pending 08/26/21
Consumer Adapters DWA-182 D1 US Under Investigation Pending Pending 08/26/21
Consumer Adapters DWA-582 A1 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-1325 A1 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-1360 F1 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-1360 F2 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-1530 A2 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-1530 B1 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-1610 A2 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-1610 B1 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-1620 B1 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-1755 A2 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-1820 A1 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-1900 A1 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-1950 A2 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-1955 A2 US v1.02B01 & Older v1.04B03_beta02 Download & Update 09/01/21
Consumer Extenders DAP-2020 A1 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-2020 A2 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-X1860 A1 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DAP-X1870 A1 US Under Investigation Pending Pending 08/26/21
Consumer Extenders DRA-1360 A1 non-US Under Investigation Pending Pending 08/26/21
Consumer Extenders DRA-2060 A1 non-US Under Investigation Pending Pending 08/26/21
Consumer Routers COVR-1100 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers COVR-1100 B1 US Under Investigation Pending Pending 08/26/21
Consumer Routers COVR-L1900 A1 US v1.03B03 & Older v1.11B05beta01 Download & Update 09/01/21
Consumer Routers COVR-X1860 A1 US v1.01B05 & Older v1.01B05_823_beta Download & Update 08/26/21
Consumer Routers COVR-X1870 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-1260 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-1260 R1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-1360 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-1750 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-1760 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-1950 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-L1900 A1 US v1.03B03 & Older v1.11B05beta01 Download & Update 09/01/21
Consumer Routers DIR-1960 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-2055 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-2150 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-2150 R1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-2640 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-2660 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-3040 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-3060 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-615 X1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-821 V2 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-822 C1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-822 E1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-822 V2 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-825 I1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-825 R1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-842 C1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-853 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-853 A2 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-853 A3 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-867 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-878 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-882 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-LX1870 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-X1560 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-X1860 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-X1860 B1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-X1870 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-X3260 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-X5460 A1 US Under Investigation Pending Pending 08/26/21
Consumer Routers DIR-X6060 A1 US Under Investigation Pending Pending 08/26/21
Consumer IP Cameras DCS-2670L B1 non-US v2.02 & Older v2.02.02 Download & Update 07/26/21
               
Service Provider Gateway DPN-1452DG J1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-124 I1 non-US End of Service Life EOL/EOS Retire & Replace 09/01/21
Service Provider Gateway DSL-124 R1 non-US v1.00 & Older vME_1.00_Hotfix Contact D-Link ME 09/01/21
Service Provider Gateway DSL-125 I1 non-US End of Service Life EOL/EOS Retire & Replace 08/26/21
Service Provider Gateway DSL-224 R1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-224 S1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-225 A1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-2252 J1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-245GE R1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-245GR R1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-245GT J1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-2640U R1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-2740U R1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-2750U I1 non-US End of Service Life EOL/EOS Retire & Replace 09/01/21
Service Provider Gateway DSL-2750U J1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-2750U R1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-2878 U1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-2888A T1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-3785 B1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-3788 B2 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-3890 A1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-3900 A1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-4320L A1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-5300 A1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-G225 J1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-G2452DG T2 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-G2452GE R1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-G2452GE S1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-G2452GR R1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-G2562DG T1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DSL-G256DG A1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DVA-2800 T1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DVA-6800Z A1 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DVA-6800Z A2 non-US Under Investigation Pending Pending 08/26/21
Service Provider Gateway DVG-5402G R1 non-US Under Investigation Pending Pending 08/26/21

 

Regarding Security patch for your D-Link Devices

 

Meanwhile, as D-Link investigates and determines which D-Link devices are potentially affected, we recommend that Wi-Fi device owners regularly check that their devices are updated to the latest firmware. D-Link also always advises users to connect to HTTPS websites (Link) and to use strong, complex credentials for computer access and WiFi connections. For further protection, we recommend using a VPN service and anti-virus tools, and understanding that connecting to the internet should be done under Zero-Trust Guidelines (Link).

 

Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this announcement continually, and we strongly recommend that all users install the relevant updates.

 

Please note that this is a device beta software, beta firmware, or hot-fix release, which is still undergoing final testing before its official release. The beta software, beta firmware, or hot-fix is provided on an "as is" and "as available" basis, and the user assumes all risk and liability for use thereof. D-Link does not offer any warranties, whether express or implied, as to the beta firmware's suitability or usability. D-Link will not be liable for any loss, whether such loss is direct, indirect, special or consequential, suffered by any party due to their use of the beta firmware.

 

As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can be found on the product label on the product's underside next to the serial number. Alternatively, the hardware revision can also be found on the device web configuration pages.