This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Security Notice - Statement on Multiple Security Vulnerabilities in WPA/WPA2

  • SA No:huawei-sn-20171017-01-wpa-en
  • Initial Release Date: Oct 17, 2017
  • Last Release Date: Nov 20, 2017

On October 16, 2017, an article titled "Key Reinstallation Attacks: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2" was released, which mentioned multiple security vulnerabilities in protocols Wi-Fi Protected Access (WPA) and WPA2.

The researcher had reported some of these vulnerabilities to Huawei before disclosing them. Huawei immediately launched investigation and carried out technical communication with the researcher.

At present, the products that are affected by vulnerabilities include Android-based Huawei smart phone and Huawei smart home products (Huawei smart router, Honor smart router and Honor TV Box).

The products that are not affected by vulnerabilities include:

AC6003

AC6005

AC6605

ACU2

AD9430DN-12

AD9430DN-24

AD9431DN-24X

AP1000 series

AP2000 series

AP3000 series

AP4000 series

AP5000 series

AP6000 series

AP7000 series

AP8000 series

AP9000 series

AR100-S series

AR100 series

AR110-S series

AR1200 series

AR120-S series

AR120 series

AR1220-S series

AR1500 series

AR150-S series

AR150 series

AR1600 series

AR160-S series

AR160 series

AR200-S series

AR200 series

AR2200-S series

AR2200 series

AR2500 series

AR3200-S series

AR3200 series

AR3600 series

AR500 series

AR502 series

AR510 series

AR530 series

AR550 series

AT815SN

NetEngine16EX series

R230D

R240D

R250D

R250D-E

R450D

WA653SN

Huawei has delivered Security Advisory. The link of the security advisory is:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171117-01-wpa-en

Customers can get necessary support for product security vulnerabilities through Huawei local technical service.


2017-11-20 V1.4 UPDATED Added the link of SA
2017-10-26 V1.3 UPDATED Updated the products list
2017-10-19 V1.2 UPDATED Updated the products list
2017-10-18 V1.1 UPDATED Added the affected products
2017-10-17 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.