To all Digi International Customers,
Digi's Security Team has been reviewing nine related CVEs, more commonly known as Frag Attack. Frag Attack (short for fragmentation and aggregation attacks) describes how an adversary within range of a victim's Wi-Fi network can abuse these vulnerabilities to steal user information or attack devices.
These vulnerabilities are difficult to carry out because most require a combination of injecting 802.11 frames, successfully completing a MITM attack, and successfully social-engineering the victim into bypassing browser warnings about a link or visiting a site hosted by a malicious server. For all of the above to succeed, the attacker would need to be sophisticated, onsite, and armed with specialized hardware and software. The Digi Security Team has found that many vendors have released patches or other ways to mitigate these CVEs. Listed below are the recommended ways to mitigate the Frag Attack vulnerabilities on Digi International devices.
Recommended mitigations:
To mitigate against Frag Attack, Digi suggests doing the following (the numbers and letters are the ones referenced in the device table below):
1. Use HTTPS. By default, the product enables HTTPS.
2. Use WPA3. Enabling WPA3 automatically enables 802.11w protected management frames, which prevents rogue deauthentication/disassociation frames from disrupting the AP-client connection. *(If WPA3 is not available, use a or b.)*
   a. WPA2 Personal is the default encryption type for Wi-Fi access points on DAL devices.
   b. WPA2-PSK is supported.
3. Use EAP-TLS. This ensures that the client authenticates the network before joining.
   a. RADIUS-based authentication for enterprise access points.
   b. RADIUS-based authentication (client mode).
   c. DAL: client-mode connections only (i.e., where the DAL device connects to another router's SSID), not its own access points.
   d. Certificate-based authentication via PEAP with MSCHAPv2.
   e. EAP-TTLS/PAP and EAP-TTLS/MSCHAPv2 authentication.
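A configuration check for mitigation 2 (WPA3 with 802.11w protected management frames), added here as an example and not Digi's own code or tooling: it assumes a hostapd-style key=value access-point configuration as a stand-in for the device's own settings format, which this notice does not show, and audits two constructed sample configs, one weak and one hardened.

```python
# Added example: audit an AP configuration for mitigation 2. hostapd's
# key=value format is assumed as a stand-in for the device's own settings.

# Constructed sample: WPA2-PSK with management frame protection only optional.
WEAK_CONF = """
interface=wlan0
ssid=example-ap
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ieee80211w=1
"""

# Constructed sample: WPA3-SAE with management frame protection required.
HARDENED_CONF = """
interface=wlan0
ssid=example-ap
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
ieee80211w=2
sae_require_mfp=1
"""

def parse_conf(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings against mitigation 2; an empty list means it is in place."""
    conf = parse_conf(text)
    findings = []
    if "SAE" not in conf.get("wpa_key_mgmt", "").split():
        findings.append("WPA3 (SAE) not enabled; WPA2 is a fallback only where WPA3 is unavailable")
    # hostapd semantics: ieee80211w 0 = disabled, 1 = optional, 2 = required.
    if conf.get("ieee80211w", "0") != "2":
        findings.append("802.11w protected management frames not required")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name + ":", audit(text) or ["mitigation 2 in place"])
```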
If you discover any further vulnerability paths related to the Wi-Fi Frag Attack, please report them through our Digi Security Notification site, and include your email address with the form so that we can follow up with you.
Thank you,
Digi International Security Team
Digi International Devices

| Product Family | Model | Mitigation |
|---|---|---|
| Enterprise (DAL OS) | EX15 W | 1, 2*, 3a c |
| Enterprise (DAL OS) | EX50 | 1, 2*, 3a c |
| Industrial (DAL OS) | IX20 W | 1, 2*, 3a c |
| Transportation (DAL OS) | TX54 (all variants) | 1, 2*, 3a c |
| Transportation (DAL OS) | TX64 (all variants) | 1, 2*, 3a c |
| Transportation (DAL OS) | LR54 W | 1, 2*, 3a c |
| Infrastructure Management (DAL OS) | AnywhereUSB 8 Wi-Fi Plus | 1, 2*, 3a c |
| Infrastructure Management (DAL OS) | AnywhereUSB 24 Wi-Fi Plus | 1, 2*, 3a c |
| Infrastructure Management (DAL OS) | Connect EZ 4 | 1, 2*, 3a c |
| Legacy (DAL OS) | 6330-MX | 1, 2*, 3a c |
| Legacy (DAL OS) | 6350-SR | 1, 2*, 3a c |
| Embedded (DEY and DEA) | All ConnectCore SOMs, Digi Embedded Yocto (DEY), Digi Embedded Android (DEA) | 1 (customer to enforce HTTPS configuration); 2 (WPA3 Personal for all DEY; WPA3 Enterprise for CC6UL & CCMP157)°; 3b e |
| Infrastructure Management Framework (IMF) | Connect WS | 1 |
| Infrastructure Management Framework (IMF) | WVA (all variants) | 1, 2b, 3c |
| Infrastructure Management Framework (IMF) | Z45 Wi-Fi Industrial Controllers | 1, 2b |

° More devices/platforms will be added throughout the year.

Last updated: Jan 01, 2024