Vulnerability to FragAttacks (CVE-2020-24588, 24587, 24586, 26145, 26144, 26140, 26143, 26139, 26146, 26147, 26142, 26141)

Between Apil and May 2021, the security researcher Mathy Vanhoef named several serious design flaws in the implementation of WLAN according to IEEE 802-11. These problems are summarised under the term FragAttack and refer to the possibility of replacing fragmented packets with others after using an encrypted connection and thus manipulating the data flow.

Unencrypted networks do not seem to be affected, and WEP/WPA2/WPA3 encryption must already be overcome or known.

We will offer hardware and software modifications to close the vulnerability. Our vulnerability testing has been completed, a corresponding text report can be found here.

The v4 has been EoL for some time and can therefore only be rudimentarily maintained, the v6 will receive a software update, possibly WLAN cards will have to be exchanged if the manufacturer does not offer a firmware update. We will keep you informed.

WPA2 bug KRACK (Key Reinstallation Attack, CVE-2017-13077, 13078, 13079, 13080, 13081, 13082, 13084, 13086, 13087, 13088)

On October 16,2017, errors in the WPA2 procedure were reported that affect the security of the connection and almost exclusively affect WLAN clients, in only a few cases access points such as the CAR-A-WAN.

Certain scenarios, in which the WLAN card is used as an Ethernet client (CAR-A-WAN. 112), however, make a security update necessary even for IPmotion.

We have already taken the appropriate measures and will release a general update for v4 and v6 in week 43/44. Until then we ask our customers for patience, the software has to be tested first.

Further information will follow by email to all known customers.