Scribd Logo
Upload

Welcome to Scribd!

  • DWA-131 REVE RELEASE NOTES v5.13B01 HOTFIX WINDOWS

    Uploaded by

    giuveta
    16 views2 pages

    Original Title

    DWA-131_REVE_RELEASE_NOTES_v5.13B01_HOTFIX_WINDOWS

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    16 views2 pages

    DWA-131 REVE RELEASE NOTES v5.13B01 HOTFIX WINDOWS

    Uploaded by

    giuveta

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    DWA-131 Firmware Hotfix Release Notes

    Driver: 5.13B01 Hotfix – Windows 10


    Hardware Revision: Ex
    Date: September 13, 2021

    3rd Party Report:

    The Industry Consortium for Advancement of Security on the Internet (ICASI) recently
    disclosed that a collection of new security vulnerabilities called FragAttacks
    (fragmentation and aggregation attacks) could affect Wi-Fi devices. Some
    vulnerabilities are widespread design flaws in the Wi-Fi standard or widespread
    programming mistakes in Wi-Fi products.

    Problems Resolved:

    • CVE-2020-12695 – FragAttacks (fragmentation and aggregation attacks)

    The design flaws were assigned the following CVEs:

    • CVE-2020-24588: aggregation attack (accepting non-SPP A-MSDU frames).


    • CVE-2020-24587: mixed key attack (reassembling fragments encrypted under
    different keys).
    • CVE-2020-24586: fragment cache attack (not clearing fragments from memory
    when (re)connecting to a network).

    Implementation vulnerabilities that allow the trivial injection of plain text frames in a
    protected Wi-Fi network are assigned the following CVEs:

    • CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an


    encrypted network).
    • CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042
    header with EtherType EAPOL (in an encrypted network).
    • CVE-2020-26140: Accepting plaintext data frames in a protected network.
    • CVE-2020-26143: Accepting fragmented plaintext data frames in a protected
    network.
    Other implementation flaws are assigned the following CVEs:

    • CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet
    authenticated (should only affect APs).
    • CVE-2020-26146: Reassembling encrypted fragments with non-consecutive
    packet numbers.
    • CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
    • CVE-2020-26142: Processing fragmented frames as full frames.
    • CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.

    DISCLAIMER: Please note that this is a device beta software, beta firmware, or hot-fix
    release which is still undergoing final testing before its official release. The beta software,
    beta firmware, or hot-fix is provided on an “as is” and “as available” basis and the user
    assumes all risk and liability for use thereof. D-Link does not provide any warranties, whether
    express or implied, as to the suitability or usability of the beta firmware. D-Link will not be
    liable for any loss, whether such loss is direct, indirect, special or consequential, suffered by
    any party as a result of their use of the beta firmware.

    You might also like