Fragment and Forge vulnerabilities(FragAttacks) Statement
Archer C1200 , Archer C5400 , Archer A2600 , Archer AX55 , Archer C4 , Archer C5200 , Archer AX53 , Archer C5 , Archer AX10 , Archer C2 , Archer AX51 , Deco X68( V1 ) , Archer AX96 , EAP245( V3 ) , Deco X3600(2-pack) , Archer A2200 , Archer C6U , Archer C80 , Archer AXE95 , Archer C8 , Archer AX10000 , Archer C3150 , Archer C9 , Archer AX50 , Archer C6 , Archer C7 , Archer AX90 , Deco X3600 , Archer AX6000 , RE603X( V1 ) , Archer C25 , Archer C24 , Deco X3600(3-pack) , Archer A20 , Archer A64 , Archer C60 , Archer C2600 , Archer A1200 , RE1750X , Archer C21 , Archer C20 , Archer C64 , Archer AX1800 , Deco W7200 , Archer AX206 , Archer C59 , Archer C58 , Archer AX4200 , Archer C3200 , Archer C900 , Archer A2 , Archer AX75 , Archer AX4400 , Archer C3000 , Archer AX73 , Archer C50
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device and check either the Datasheet or the firmware section for the latest improvements added to your product.
For additional information, see: https://www.wi-fi.org/security-update-fragmentation
TP-Link is aware that researchers have disclosed a set of vulnerabilities about Wi-Fi named FragAttacks.
As soon as we became aware of the details, we immediately launched an investigation. As the investigation progresses, TP-Link will update this advisory with information about affected products.
According to the investigation, the following conditions are required to exploit the wireless vulnerability:
- Someone knows your Wi-Fi password and connects to your Wi-Fi network
- Someone needs to intercept communication between your router and devices on your Wi-Fi.
- In order to achieve the purpose of obtaining private information, an attacker would need to trick a user on the network to visit the attacker's server (Phishing Email, malicious ads, etc.).
Workarounds
- Set a strong Wi-Fi password and change it regularly. Being careful not to share your Wi-Fi password.
- Periodically check the devices connected to your network. If you see any unknown device, block these devices and change your Wi-Fi password.
- We recommend that you use HTTPS protocol to access the website. Don't click on emails from unknown recipients or visit suspicious websites.
Affected
TP-Link will update this advisory as new information emerges.
SOHO Router
Model number |
Date |
Fixed in Firmware Version |
Archer AX90(US)_V1.0 |
2021/04/29 |
Archer AX90(US)_V1_210312 |
Archer AX90(EU)_V1.0 |
2021/04/29 |
Archer AX90(EU)_V1_210312 |
Archer AX10(EU)_V1.0 |
2021/05/14 |
Archer AX10(EU)_V1_210420 |
Archer AX10(US)_V1.0 |
2021/05/14 |
Archer AX10(US)_V1_210420 |
Archer AX10(US)_V1.2 |
2021/05/14 |
Archer AX10(US)_V1.2_210421 |
Archer AX20(EU)_V1.0 |
2021/05/17 |
Archer AX20(EU)_V1.0_210514 |
Archer AX20(US)_V1.0 |
2021/05/17 |
Archer AX20(US)_V1.0_210514 |
Archer AX20(US)_V1.2 |
2021/05/17 |
Archer AX20(US)_V1.2_210514 |
Archer AX20(EU)_V2.0 |
2021/05/17 |
Archer AX20(EU)_V2.0_210514 |
Archer AX20(US)_V2.0 |
2021/05/17 |
Archer AX20(US)_V2.0_210514 |
Archer AX1500(EU)_V1.0 |
2021/05/17 |
Archer AX1500(EU)_V1.0_210514 |
Archer AX1500(US)_V1.0 |
2021/05/17 |
Archer AX1500(US)_V1.0_210514 |
Archer AX1500(US)_V1.2 |
2021/05/17 |
Archer AX1500(US)_V1.2_210514 |
Range Extender
Model number |
Date |
Fixed in Firmware Version |
RE505X_V1 |
2021/05/17 |
RE505X_V1_210514 |
RE603X_V1 |
2021/05/17 |
RE603X_V1_210514 |
RE605X_V1 |
2021/05/17 |
RE605X_V1_210514 |
Deco
Model number |
Date |
Fixed in Firmware Version |
Deco X90_V1 |
2021/05/17 |
Deco X90_V1_20210514 |
Deco X68_V1 |
2021/05/17 |
Deco X68_V1_20210514 |
Omada EAP
Model number |
Date |
Fixed in Firmware Version |
EAP245(EU)_V3 |
2021/11/4 |
EAP245(EU)_V3_5.0.4 Build 20211021 |
EAP245(US)_V3 |
2021/11/4 |
EAP245(US)_V3_5.0.4 Build 20211021 |
Revision History
2021-05-14 Published advisory
Disclaimer
FragAttacks vulnerabilities will remain if you do not take all recommended actions. TP-Link cannot bear any responsibility for consequences that could have been avoided by following the recommendations in this statement.
Is this faq useful?
Your feedback helps improve this site.
What’s your concern with this article?
- Dissatisfied with product
- Too Complicated
- Confusing Title
- Does not apply to me
- Too Vague
- Other
We'd love to get your feedback, please let us know how we can improve this content.
Thank you
We appreciate your feedback.
Click here to contact TP-Link technical support.
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again
This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again
Basic Cookies
These cookies are necessary for the website to function and cannot be deactivated in your systems.
TP-Link
accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType
Livechat
__livechat, __lc2_cid, __lc2_cst, __lc_cid, __lc_cst, CASID
Youtube
id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ
Analysis and Marketing Cookies
Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.
The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.
Google Analytics & Google Tag Manager
_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>
Google Ads & DoubleClick
test_cookie, _gcl_au
Meta Pixel
_fbp
Crazy Egg
cebsp_, _ce.s, _ce.clock_data, _ce.clock_event, cebs
Hotjar
OptanonConsent, _sctr, _cs_s, _hjFirstSeen, _hjAbsoluteSessionInProgress, _hjSessionUser_14, _fbp, ajs_anonymous_id, _hjSessionUser_<hotjar-id>, _uetsid, _schn, _uetvid, NEXT_LOCALE, _hjSession_14, _hjid, _cs_c, _scid, _hjAbsoluteSessionInProgress, _cs_id, _gcl_au, _ga, _gid, _hjIncludedInPageviewSample, _hjSession_<hotjar-id>, _hjIncludedInSessionSample_<hotjar-id>
lidc, AnalyticsSyncHistory, UserMatchHistory, bcookie, li_sugr, ln_or