
Belkin Security Advisories

Wemo Remote Code Execution Vulnerability
Advisory Date:  08/21/18

“Wemo is aware of this vulnerability from Doug McKee AKA “fulmetalpackets” and researchers at the McAfee Labs Advanced Threat Research.  We have been working together to address the exploit and plan to release firmware in the coming month.”

Wemo UPnP Vulnerability

Advisory Date:  08/18/18
 
"Our Wemo development team has been working with the researchers who identified the recent DNS Rebinding findings and its potential impact on the local network communication for our Wemo devices which use the UPnP protocol. DNS Rebinding could allow a “threat actor” to penetrate a victim’s home network by using their web browser as a proxy using “phishing” scams or malicious banner ads. Our Wemo development team is committed to taking action in securing our products from these types of attacks by implementing additional security around the UPnP implementation.

By using the responsible disclosure process, we were able to quickly understand the exploit from the researchers and began working on the best solution to protect our customers.  We plan to release an updated mobile app and firmware to all our Wemo devices in the coming months that will address the vulnerability."

For more information on how to avoid phishing scams please visit https://www.sec.gov/reportspubs/investor-publications/investorpubsphishinghtm.html

 
KRACK Advisory
Advisory Date:  10/19/17
 
Overview
A vulnerability called KRACK (Key Reinstallation Attack) was identified by a researcher in the Wi-Fi Protected Access 2 (WPA2) protocol, which helps secure products on a protected Wi-Fi network. The WPA2 protocol is ubiquitous in Wi-Fi networking. The vulnerability described is in the standard itself, rather than just being present in certain companies’ products. Through this exploit, a series of vulnerabilities were found, including a local access vulnerability (hackers need to be within range of a user’s Wi-Fi network) that is known to exploit a flaw in the four-way handshake process between a user's device and a Wi-Fi network. It potentially allows an attacker unauthorized access to the user’s protected Wi-Fi network without the password. More details about the vulnerabilities can be found at the ICASI site here.
 
Company Statement:
10/16/17
Belkin International, (Belkin, Linksys and Wemo) is aware of the WPA2 vulnerability. Our security team is verifying the details and we will advise accordingly.  Also know that we are committed to putting the customer first and are planning to post instructions on our security advisory page on what customers can do to update their products, if and when required.
 
Solution
Until firmware is available, we recommend customers use WPA2-Personal or Enterprise with AES as the wireless encryption type and stop using WPA2/WPA Mixed Mode with TKIP or AES* to reduce the impact of this vulnerability. Although WPA2-Personal or Enterprise does not prevent the attack, it makes the attack more difficult to execute effectively. To learn how to change your WPA security settings, click here.
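One way to confirm that an access point has actually left mixed mode is to inspect the security elements it advertises in its beacons. The following is an added example, not Belkin or Linksys code: it parses the RSN (WPA2) element and the legacy WPA vendor element and reports whether mixed mode or TKIP is still offered. The function names and the sample bytes are constructed for illustration.

```python
RSN_OUI = bytes.fromhex("000fac")  # OUI of RSN (WPA2) cipher suite selectors
WPA_OUI = bytes.fromhex("0050f2")  # OUI used by the legacy WPA vendor element
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP(AES)", 5: "WEP-104"}

def _suites(body, oui):
    """Return cipher names from: version(2) group(4) count(2) pairwise(4*n)."""
    if len(body) < 8:
        raise ValueError("truncated security element")
    end = 8 + 4 * int.from_bytes(body[6:8], "little")
    if len(body) < end:
        raise ValueError("pairwise suite list truncated")
    names = set()
    for off in [2, *range(8, end, 4)]:  # group suite, then each pairwise suite
        known = body[off:off + 3] == oui
        names.add(CIPHERS.get(body[off + 3], "unknown") if known else "vendor")
    return names

def audit_elements(ies):
    """Walk the tag/length/value elements of a beacon and classify its security."""
    found, pos = {}, 0
    while pos + 2 <= len(ies):
        tag, length = ies[pos], ies[pos + 1]
        value = ies[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("element overruns buffer")
        if tag == 48:  # RSN element: WPA2
            found["WPA2"] = _suites(value, RSN_OUI)
        elif tag == 221 and value[:4] == WPA_OUI + b"\x01":  # legacy WPA element
            found["WPA"] = _suites(value[4:], WPA_OUI)
        pos += 2 + length
    ciphers = set().union(*found.values())
    return {"modes": sorted(found), "ciphers": sorted(ciphers),
            "mixed_mode": "WPA" in found and "WPA2" in found,
            "tkip_allowed": "TKIP" in ciphers}

# Constructed sample elements (not captured from any real device).
SSID = "00 04 686f6d65"
MIXED = bytes.fromhex(SSID +
    "30 18 0100 000fac02 0200 000fac04 000fac02 0100 000fac02 0000"
    "dd 1a 0050f201 0100 0050f202 0200 0050f204 0050f202 0100 0050f202")
AES_ONLY = bytes.fromhex(SSID +
    "30 14 0100 000fac04 0100 000fac04 0100 000fac02 0000")

if __name__ == "__main__":
    print(audit_elements(MIXED))
    print(audit_elements(AES_ONLY))
```

A network configured as recommended should report only `WPA2` in `modes` and `tkip_allowed` as false.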
 
When firmware is available, all Linksys devices that offer automatic firmware updates, which include all Smart Wi-Fi routers (Velop, MaxStream, WRT, and EA series product lines) and some extenders (RE6250, RE6300, RE6350, RE6400, RE6700, RE6800, RE7000, RE9000), will update to the latest firmware offering a fix to these vulnerabilities, unless the customer has specifically opted out of this service. Customers who opted out of automatic firmware updates, and customers of adapters, bridges and range extenders that do not support automatic firmware updates, can download the firmware when it is available from http://www.belkin.com/us/support or http://www.linksys.com/us/support/.
 
For Wemo devices, the mobile applications will notify users of the availability of new firmware and will prompt them to initiate the firmware update.
 
If users are not able to perform a firmware update or receive an error message during the update, please contact Belkin, Linksys or Wemo customer support for further instructions. 
 
Confirmed Affected Products:
 
We are still confirming all product SKUs affected, including Belkin Routers and Range Extenders, Linksys Routers, Adapters, Access Points, Bridges and Range Extenders and Wemo Products. As mentioned, when firmware is available, it will be posted to the associated brands’ support page.
 
 
Vulnerability / Products Possibly Affected

  • CVE-2017-13077: Reinstallation of pairwise key in 4-way handshake
  • CVE-2017-13078: Reinstallation of group key in 4-way handshake
  • CVE-2017-13079: Reinstallation of the integrity group key in 4-way handshake
  • CVE-2017-13080: Reinstallation of the group key in the group key handshake
  • CVE-2017-13081: Reinstallation of the integrity group key in the group key handshake
  • CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
  • CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame
Linksys Products
  • EA6900 v2 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA7300 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA7400 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA7500 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA7500 v2 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA8300 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • EA8500 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • LAPN300 (When WDS or workgroup bridge is enabled)
  • LAPN600 (When WDS or workgroup bridge is enabled)
  • LAPAC1200 (When WDS or workgroup bridge is enabled)
  • LAPAC1750 (When WDS or workgroup bridge is enabled)
  • LAPAC1750PRO (When WDS or workgroup bridge is enabled)
  • LAPAC2600 (When WDS or workgroup bridge is enabled)
  • WRT1200AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • WRT1900AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • WRT1900AC v2 (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • WRT1900ACS (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • WRT3200ACM (When used as a wireless repeater or wireless bridge, not affected if used as a wireless router)
  • RE1000 v2
  • RE2000 v2
  • RE3000 v2
  • RE4000
  • RE4100W
  • RE6250
  • RE6300
  • RE6350
  • RE6400
  • RE6500
  • RE6700
  • RE6800
  • RE7000
  • RE9000
  • WAP1200AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless AP)
  • WAPT1200AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless AP)
  • WAP750AC (When used as a wireless repeater or wireless bridge, not affected if used as a wireless AP)
Belkin Products
  • F7D7501
  • F9K1015
  • F9K1111
  • F9K1122
  • F9K1126
  • F9K1127
Wemo Products
  • Wemo Switch
  • Wemo Motion Sensor
  • Wemo Insight
  • Wemo Light Switch
  • Wemo Dimmer
  • Wemo Switch Mini
  • Wemo Link
  • Wemo Slow Cooker
  • Wemo Humidifier
  • Wemo Coffee Maker
  • Wemo Heater
  • Wemo Netcam HD+
  • Wemo Netcam Night Vision

  • CVE-2017-13082: Accepting retransmitted Fast BSS Transition Reassociation Request and reinstalling pairwise key while processing it
Linksys Products
  • EA7400
  • EA7500
  • EA8300
  • EA8500
  • LAPAC2600
  • WHW03
  • RE7000
  • RE9000

  • CVE-2017-13084: Reinstallation of the STK key in PeerKey handshake
  • CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake
Belkin Products
  • F7D7501
 
 
 
* The reason for this is that WPA2/WPA mixed mode allows the use of TKIP which will enable attackers to forge packets.  WPA2 only allows the use of AES which prevents the forging of packets and at the same time, makes decryption of packets more difficult (although not impossible).

 
