Page 1 of 1

Espressif Releases Patches for WiFi Vulnerabilities (CERT VU#228519)

Posted: Tue Oct 17, 2017 9:36 am
by ESP_Faye
The recently discovered WiFi WPA2 protocol vulnerabilities, a.k.a. KRACK, is of critical security level; the vulnerabilities allow the connection to be hijacked, or eavedropped and malicious packet injections. These vulnerabilities are also described in detail at CERT VU#228519 and individually in CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087 and CVE-2017-13088.

Espressif has already fixed in these ESP8266 versions´╝Ü
  • ESP8266 RTOS master branch since commit 2fab9e23d779cdd6e5900b8ba2b588e30d9b08c4
  • ESP8266 NON-OS master branch since commit b762ea222ee94b9ffc5e040f4bf78dd8ba4db596
All Espressif chipset users are encouraged to upgrade as soon as possible.

More details are in Espressif Website.


Thank you to the security researcher Mathy Vanhoef & CERT for finding & disclosing this issue to vendors.