Page 1 of 1

[SOLVED] Is ESP8266 AT command firmware affected by KRACK?

Posted: Wed Oct 25, 2017 8:50 am
by t310h
I'm aware that libwpa.a and some other libraries are already updated.
However, how about AT command firmware?

Yesterday, I ran AT+CIUPDATE. But AT+GMR reports

AT version:1.5.0.0(Sep 20 2017 19:34:38)
SDK version:2.1.0(116b762)
compile time:Sep 20 2017 20:32:34
OK

Is this version affected by KRACK (WPA2 attack)?

Re: Is ESP8266 AT command firmware affected by KRACK?

Posted: Wed Oct 25, 2017 10:45 am
by ESP_Faye
Hi,

Yes, it is.

But we are working on the new AT firmware now, it will be released soon.

Thanks for your interest in ESP8266!

Re: Is ESP8266 AT command firmware affected by KRACK?

Posted: Fri Nov 10, 2017 8:57 am
by t310h
I have successfully updated AT firmware to the unvulnerable version(SDK2.1.0(ace2d95)).
Thank you for the revision.

Re: [SOLVED] Is ESP8266 AT command firmware affected by KRACK?

Posted: Sat Nov 18, 2017 6:20 am
by avc
Hi,

Can you tell me where you downloaded the new AT firmware from?

Re: [SOLVED] Is ESP8266 AT command firmware affected by KRACK?

Posted: Sat Nov 18, 2017 8:21 am
by t310h
Hello,

First, open the resources page of ESP8266:

http://espressif.com/en/products/hardware/esp8266ex/resources

ant click the check mark (looks like a letter v) at the right of AT.
(DO NOT click 'SDK & Demos'. As of writing this, the AT firmwares there are still old ones.)
Then a table will appear.
Confirm that release date is 2017.11.06 (or later) and click the download icon.
You'll obtain a zip file containing new firmwares.

Alternatively, if your current AT firmware is capable of AT+CIUPDATE, then you might want to try it.

Hope this helps.