ESP8266 Developer Zone The Official ESP8266 Forum 2017-10-17T09:36:49+08:00 https://bbs.espressif.com:443/feed.php?f=20&t=6946 2017-10-17T09:36:49+08:00 2017-10-17T09:36:49+08:00 https://bbs.espressif.com:443/viewtopic.php?t=6946&p=16475#p16475 <![CDATA[Espressif Releases Patches for WiFi Vulnerabilities (CERT VU#228519)]]>

The recently discovered WiFi WPA2 protocol vulnerabilities, a.k.a. KRACK, is of critical security level; the vulnerabilities allow the connection to be hijacked, or eavedropped and malicious packet injections. These vulnerabilities are also described in detail at CERT VU#228519 and individually in CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087 and CVE-2017-13088.


Espressif has already fixed in these ESP8266 versions:
  • ESP8266 RTOS master branch since commit 2fab9e23d779cdd6e5900b8ba2b588e30d9b08c4
  • ESP8266 NON-OS master branch since commit b762ea222ee94b9ffc5e040f4bf78dd8ba4db596
All Espressif chipset users are encouraged to upgrade as soon as possible.


More details are in Espressif Website.


Thank you to the security researcher Mathy Vanhoef & CERT for finding & disclosing this issue to vendors.

Statistics: Posted by ESP_Faye — Tue Oct 17, 2017 9:36 am

]]>