Multiple vulnerabilities are found in WPA2 encryption protocol for Wi-Fi. An attacker within range of a Wi-Fi network access point and client may be exploited by hackers using the vulnerabilities, resulting in arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or replay of unicast, broadcast, and multicast frames.
The exploit may allow packet sniffing, connection hijacking, malware injection, and even decryption of the protocol itself. A successful attack could lead to data leakage even the data is encrypted by the WPA2 protocol.
Lists of affected devices and fixed version are available in the following URL:
https://www.kb.cert.org/vuls/id/228519/
The above list is not exhaustive and it is strongly recommended to consult the product supplier and/or device manufacturer if the systems have Wi-Fi capabilities.
To mitigate the risk of being compromised by the vulnerabilities, users should observe the following:
https://www.krackattacks.com/
https://papers.mathyvanhoef.com/ccs2017.pdf
https://www.hkcert.org/my_url/en/alert/17101701
https://www.kb.cert.org/vuls/id/228519/
https://www.us-cert.gov/ncas/current-activity/2017/10/16/CERTCC-Reports-WPA2-Vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-13077 ( to CVE-2017-13082)
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-13084
http://cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2017-13086 ( to CVE-2017-13088)