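WPA2 Security (KRACKs) Vulnerability Statement
Description
TP-Link is aware of vulnerabilities in the WPA2 security protocol that affect some TP-Link products. An attacker within range of a Wi-Fi network can exploit these vulnerabilities using key reinstallation attacks (KRACK). According to the research paper on KRACK by Mathy Vanhoef, which brought the vulnerability to vendors' attention, the attack targets the WPA2 handshake and is aimed at clients rather than access points. Because these issues are all implementation flaws, all of the vulnerabilities can be fixed through software updates.
TP-Link has been working to resolve this issue and will continue to post software updates at: https://www.tp-link.com/support/. Products with TP-Link Cloud enabled will automatically receive update notifications in the web management interface, the Tether App or the Deco App.
More information about KRACK can be found at: https://www.krackattacks.com.
TP-Link devices that have been fixed:
Wireless Routers:
TL-WR841N(EU) V13 with firmware version 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n or later.
TL-WR841N(US) V13 with firmware version 0.9.1 4.16 v0348.0 Build 171020 Rel.75834n or later.
TL-WR842N(RU) V5 with firmware version 1.1.0 0.9.1 v0001.0 Build 171109 Rel.56772n or later.
TL-WR840N(EU) V5 with firmware version 0.9.1 3.16 v0001.0 Build 171211 Rel.58800n or later.
TL-WR840N(ES) V5 with firmware version 0.9.1 3.16 v01e4.0 Build 180228 Rel.57268n or later.
TL-WR840N(VN) V5 with firmware version 0.9.1 3.16 v02c0.0 Build 180207 Rel.64051n or later.
TL-WR940N(RU) V6 with firmware version 3.18.1 Build 171115 Rel.46734n or later.
TL-WR940N(VN) V6 with firmware version 3.18.1 Build 171115 Rel.48390n or later.
TL-WR940N(BR) V6 with firmware version 3.18.1 Build 171115 Rel.43350n or later.
TL-WR940N(US) V6 with firmware version 3.18.1 Build 171030 Rel.43957n or later.
TL-WR940N(TW) V6 with firmware version 3.18.1 Build 171115 Rel.47564n or later.
TL-WR940N(ES) V6 with firmware version 3.18.1 Build 171115 Rel.44481n or later.
TL-WR940N(EU) V6 with firmware version 3.19.1 Build 180119 Rel.59618n or later.
TL-WR940N plus(KR) V6 with firmware version 3.18.1 Build 171115 Rel.45906n or later.
TL-WR940N(JP) V6 with firmware version 3.18.1 Build 171115 Rel.45192n or later.
TL-WR941HP(UN) V2 with firmware version 2.0.1 Build 20171225 Rel.60160 or later.
TL-WR902AC(US) V3 with firmware version 0.9.1 0.2 v008a.0 Build 171229 Rel.54327n or later.
TL-WR902AC(EU) V3 with firmware version 0.9.1 0.1 v0089.0 Build 170828 Rel.57433n or later.
Archer C2(RU) V5 with firmware version 0.9.1 3.16 v0283.0 Build 180105 Rel.60915n or later.
Archer C7(US) V2 with firmware version 3.15.3 Build 180114 Rel.39265n or later.
Archer C7(RU) V4 with firmware version 1.0.4 Build 20171130 Rel.28047 or later.
Archer C7(EU/US/CA/JP) V4 with firmware version 1.0.5 Build 20171101 Rel.37754 or later.
Archer C9(US) V4 with firmware version 1.0.1 Build 20171219 Rel.57874 or later.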
Archer C9(EU) V4 with firmware version 1.3.1 Build 20171215 Rel.35219 or later.
Archer C9(US/CA) V3 with firmware version 1.3.1 Build 20171215 Rel.35219 or later.
Archer C9(US) V1 with firmware version 3.17.1 Build 20180125 Rel.56387n or later.
Archer C2300(KR) V1 with firmware version 2.0.1 Build 20171221 Rel.80951 or later.
Archer C5400(KR) V2 with firmware version 1.0.2 Build 20171106 Rel.71351 or later.
Range Extenders:
TL-WA850RE V5 with firmware version 1.0.0 Build 20171116 Rel.36698 or later.
TL-WA850RE V4 with firmware version 1.0.0 Build 20171116 Rel.36232 or later.
TL-WA850RE(US) 2.0 with firmware version 1.0.0 Build 20171123 Rel.41475 or later.
TL-WA850RE(EU) 2.0 with firmware version 1.0.0 Build 20171123 Rel.62444 or later.
TL-WA860RE V5 with firmware version 1.0.0 Build 20171116 Rel.38570 or later.
TL-WA860RE V4 with firmware version 1.0.0 Build 20171116 Rel.38109 or later.
TL-WA855RE V3 with firmware version 1.0.0 Build 20171116 Rel.37646 or later.
TL-WA855RE V2 with firmware version 1.0.0 Build 20171116 Rel.37176 or later.
TL-WA865RE V4 with firmware version 1.0.0 Build 20171116 Rel.39026 or later.
RE650 V1 with firmware version 1.0.4 Build 20171123 Rel.54853 or later.
RE500 V1 with firmware version 1.0.2 Build 20171129 Rel.58168 or later.
RE590T V1 with firmware version 1.0.0 Build 20171122 Rel.62085 or later.
RE580D V1 with firmware version 1.0.0 Build 20171114 Rel.63483 or later.
RE450 V2 with firmware version 1.0.3 Build 20171127 Rel.59316 or later.
RE450 V1 with firmware version 1.0.0 Build 20171215 Rel.55534 or later.
RE380D(US) V1 with firmware version 1.0.0 Build 20171201 Rel.59961 or later.
RE360 V1 with firmware version 1.0.2 Build 20171226 Rel.33711 or later.
RE350 V1 with firmware version 1.0.0 Build 20171121 Rel.63631 or later.
RE305 V1 with firmware version 1.0.0 Build 20171115 Rel.41733 or later.
RE205 V1 with firmware version 1.1.1 Build 20171218 Rel.50791 or later.
RE200 V2 with firmware version 1.1.5 Build 20180208 Rel.62854 or later.
RE200(EU) V1 with firmware version 3.14.2 Build 171206 Rel.32803n or later.
RE200(US) V1 with firmware version 3.14.2 Build 171205 Rel.57551n or later.
Whole Home Wi-Fi system:
Deco M5 with firmware version 1.1.6 Build 20171103 Rel. 47257 or later
Smart Home devices:
NC200 with firmware version v2.1.8 or later.
NC260 with firmware version v1.3.3 or later.
NC210 (UN) V1 with firmware 1.0.9 Build 171214 Rel.C9342E or later.
NC230 (UN) V1 with firmware 1.3.0 Build 171205 Rel.2310A2 or later.
NC250 (UN) V1 with firmware 1.3.0 Build 171205 Rel.2310A2 or later.
NC450 (UN) V2 with firmware 1.3.4 Build 171130 Rel.ECC739 or later.
HS105(US) with firmware version v1.5.1 or later.
HS100 (US) V2 with firmware 1.5.1 Build 171109 Rel.165709 or later.
HS110 (US) V2 with firmware 1.5.1 Build 171109 Rel.165709 or later.
HS200 (US) V3 with firmware 1.5.2 Build 171208 Rel.114610 or later.
HS210 (US) V1 with firmware 1.5.2 Build 171208 Rel.113556 or later.
LB100, LB110, LB120, LB130(US) with firmware v1.7.1 or later.
RE270K, RE370K(US) with firmware v1.1.10 or later.
RE270K, RE370K(EU) with firmware v1.1.10 or later.
KC120(US) with firmware v2.1.3 or later.
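A way to check an inventory against the fixed-firmware list above, given as an added example that is not TP-Link code. The `FIXED` table is a subset of the list, the inventory is constructed, and deciding "or later" by the `Build` date stamp is an assumption the advisory does not state.

```python
import re

# Subset of the advisory's fixed-firmware list: (model, region, hardware) -> baseline.
FIXED = {
    ("TL-WR841N", "EU", "V13"): "0.9.1 4.16 v0001.0 Build 171019 Rel.55346n",
    ("TL-WR940N", "US", "V6"): "3.18.1 Build 171030 Rel.43957n",
    ("RE450", None, "V2"): "1.0.3 Build 20171127 Rel.59316",
    ("Deco M5", None, None): "1.1.6 Build 20171103 Rel. 47257",
}

# Build stamps appear as YYMMDD or YYYYMMDD; whitespace around them varies.
BUILD_RE = re.compile(r"Build\s*(\d{8}|\d{6})\s+Rel\.\s*([0-9A-Za-z]+)")

def parse_build(firmware):
    """Return (YYYYMMDD string, release tag) from a firmware version string."""
    m = BUILD_RE.search(firmware)
    if m is None:
        raise ValueError(f"no Build/Rel stamp in {firmware!r}")
    stamp, rel = m.groups()
    if len(stamp) == 6:          # two-digit year: every build on the page is 20xx
        stamp = "20" + stamp
    return stamp, rel

def check(device, installed):
    """Classify installed firmware against the advisory baseline.

    Assumption (not stated by the advisory): 'or later' is decided by build date.
    """
    baseline = FIXED.get(device)
    if baseline is None:
        return "not-listed"
    try:
        inst_date, inst_rel = parse_build(installed)
    except ValueError:
        return "unparseable"     # e.g. 'v2.1.8' style versions need manual review
    base_date, base_rel = parse_build(baseline)
    if inst_date != base_date:
        return "fixed" if inst_date > base_date else "outdated"
    # Same build date: only an identical release tag is a confirmed match.
    return "fixed" if inst_rel == base_rel else "review"

if __name__ == "__main__":
    # Constructed inventory; the firmware strings are taken from the page's lists.
    inventory = [
        (("TL-WR841N", "EU", "V13"), "0.9.1 4.16 v0001.0 Build 171019 Rel.55346n"),
        (("RE450", None, "V2"), "1.0.2 Build 20170626 Rel.60833"),
        (("Deco M5", None, None), "1.1.5 Build 20170820 Rel.62483"),
    ]
    for device, firmware in inventory:
        print(device, check(device, firmware))
```

An `outdated` result means the firmware predates the fixed build; whether the device is actually exposed still depends on its operating mode, as the advisory's affected and unaffected lists describe.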
Conditions under which devices are vulnerable:
- Physical proximity: An attack can only happen when an attacker is in physical proximity to and within wireless range of your network.
- Time window: An attack can only happen when a client is connecting or reconnecting to a Wi-Fi network.
Unaffected TP-Link products:
All powerline adapters
All mobile Wi-Fi products
Routers and gateways working in their default mode (Router Mode) and AP Mode
Range extenders working in AP Mode
Affected TP-Link products:
Routers working in Repeater Mode/WISP Mode/Client Mode:
TL-WR940N with firmware version 3.17.1 Build 170717 Rel.55495n or earlier (Hardware Version 3.0 or earlier not affected)
TL-WR841Nv13 with firmware version 0.9.1 4.16 v0348.0 Build 170814 Rel.59214n or earlier (Hardware Version 12.0 or earlier not affected)
TL-WR840N with firmware version 0.9.1 4.16 v019a.0 Build 170524 Rel.56478n or earlier (Hardware Version 2.0 or earlier not affected)
TL-WR941HP with firmware version 3.16.9 Build 20170116 Rel.50912n or earlier
TL-WR841HP with firmware version 3.16.9 Build 160612 Rel.67073n or earlier
TL-WR902AC with firmware version 3.16.9 Build 20160905 Rel.61455n or earlier
TL-WR802N with firmware version 0.9.1 3.16 v0188.0 Build 170705 Rel.34179n or earlier
TL-WR810N with firmware version 3.16.9 Build 160801 Rel.57365n or earlier
Routers with WDS function enabled (disabled by default) may be affected. Refer to the FAQ to learn how to check if WDS is enabled on your router.
Range Extenders working in Repeater Mode during a WPA2 handshake that is initiated only when connecting or reconnecting to a router:
TL-WA850RE with firmware version 1.0.0 Build 20170609 Rel.34153 or earlier
TL-WA855RE with firmware version 1.0.0 Build 20170609 Rel.36187 or earlier
TL-WA860RE with firmware version 1.0.0 Build 20170609 Rel.38491 or earlier
RE200 with firmware version 1.1.3 Build 20170818 Rel.58183 or earlier
RE305 with firmware version 1.0.0 Build 20170614 Rel.42952 or earlier
RE450 with firmware version 1.0.2 Build 20170626 Rel.60833 or earlier
RE500 with firmware version 1.0.1 Build 20170210 Rel.59671 or earlier
RE650 with firmware version 1.0.2 Build 20170524 Rel.58598 or earlier
Wireless Adapters:
Archer T6E
Archer T9E
Whole Home Wi-Fi System:
Deco M5 with firmware version 1.1.5 Build 20170820 Rel.62483 or earlier
CPE/WBS/CAP:
CAP300 with firmware version 1.1.0 Build 20170601 Rel.60253 or earlier
CAP300-Outdoor with firmware version 1.1.0 Build 20170601 Rel.60212 or earlier
CAP1750 with firmware version 1.1.0 Build 20170601 Rel.60196 or earlier
CAP1200 with firmware version 1.0.0 Build 20170801 Rel.61314 or earlier
TL-ER604W with firmware version 1.2.0 Build 20160825 Rel.45880 or earlier
CPE520 with firmware version 2.1.6 Build 20170908 Rel.45234 or earlier
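CPE610 with firmware version 2.1.5 Build 20170830 Rel. 58245 or earlier
CPE510 with firmware version 2.1.6 Build 20170908 Rel. 45233 or earlier
CPE220 with firmware version 2.1.6 Build 20170908 Rel. 45233 or earlier
CPE210 with firmware version 2.1.6 Build 20170908 Rel. 45234 or earlier
WBS210 with firmware version 2.1.0 Build 20170609 Rel. 57434 or earlier
WBS510 with firmware version 2.1.6 Build 20170908 Rel. 45234 or earlier
Smart Home devices:
Smart Plugs and Switches: HS100, HS105, HS110, HS200
Smart Range Extenders with Plug: RE350K, RE270K, RE370K
Cameras: NC250, NC260, NC450, KC120
How to protect your devices
Until a software update is released to eliminate the vulnerability in your product, the following precautions are recommended:
For wireless routers: Make sure your router is in Router Mode or AP Mode, and patch the operating system of your smartphones, tablets and computers.
For wireless adapters: Patch the operating system of your computers.
Microsoft security update: Microsoft has fixed the security issues described at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080.
TP-Link has been working on the affected models and will release firmware updates on its official website over the next few weeks.
Associated CVE identifiers
The following Common Vulnerabilities and Exposures (CVE) identifiers have been assigned to track which products are affected by specific types of key reinstallation attack:
- CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
- CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
- CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
- CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
- CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
- CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
- CVE-2017-13084: Reinstallation of the STK key in the PeerKey handshake.
- CVE-2017-13086: Reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake.
- CVE-2017-13087: Reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
- CVE-2017-13088: Reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame.
Disclaimer
The WPA2 vulnerabilities will remain if you do not take all of the recommended actions. TP-Link accepts no responsibility for consequences resulting from failure to follow the recommendations in this statement.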