On 16 Oct 2017, at 09:56, Brian Kantor <Brian@UCSD.Edu> wrote:
> This appears to be somewhat serious; it will probably require people to reflash the firmware in some or all of their wireless devices when fixes become available. How one reflashes IoT devices is problematic.

From what I gather from several sources, it seems to be fixable from the AP side (or at least can be mitigated).
Both Mikrotik and Ubiquiti have new firmware versions with a fix. Although for now we don’t know whether it’s a core protocol vulnerability or an implementation weakness.
I’ve applied the Ubiquiti fix, which is available from their beta program (enrolling is a matter of clicking in a form) and so far so good, my zoo of wireless devices is not complaining.
The fixed version from Ubiquiti is 3.9.3.7537
Mikrotik hasn’t given very clear information (one of their support reps said on their forum “we have fixes”), but looking at their downloads and changelogs these versions seem to be fixed:
6.39.3 (2017-Oct-12 11:24)
6.40.4 (2017-Oct-02 08:38)
In case anyone is following the -rc channel, 6.41rc44 is not yet fixed. I guess they will release a new rc version today or tomorrow.
Borja - EA2EKH