FragAttacks - RUCKUS Technical Support Response Center
This page is the primary resource for CommScope RUCKUS customers and partners to address the FragAttacks security vulnerability. This page acts as a central home for support links and content to provide more information about the vulnerability, and other technical resources to assist you with the response to the FragAttacks vulnerability.
Security Bulletin, FAQs, and Knowledge Base
- Security Bulletin 20210511 v1.0 - RUCKUS AP Aggregation And Fragmentation Attacks Vulnerability (aka “FragAttacks”)
- Signed TXT file and PDF formats also available without login on https://www.commscope.com/security-bulletins/ - last updated 11 May 2021
- CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147
- FragAttacks Vulnerability FAQs - last updated 25 May 2021: While the FAQs contain many answers to support-related questions, and you should absolutely read them all, we've surfaced these for quick visibility:
- Q: What if I don’t have an active Support contract with RUCKUS – will I be able to upgrade my software?
A: Yes. You will be able to obtain the patches that are available for your platform even if you don’t have a current support contract.
- Q: I picked up the releases you mention, but the release notes
do not mention anything about the vulnerabilities. Are they really
A: The software versions with fixes and their release notes were made available prior to the public announcements of the FragAttacks vulnerability. In accordance with standard practice, there was an embargo on the public release of information about the vulnerabilities until 11 May 2021. After 11 May 2021, the release notes will be updated to explicitly mention the FragAttacks vulnerability. If you downloaded and installed the software versions mentioned above, please be assured that the fixes are present in the code.
- Recommendations to Protect Wi-Fi Traffic: Management, Control, and Data from Vulnerability Exploitation - KBA # 000011636 -
last updated 11 May 2021
FragAttacks Technical Resources
- Wi-Fi FragAttacks - What You Need to Know blog - last updated 11 May 2021
- Video and Podcast
- CommScope RUCKUS CVE Announcement - FragAttacks YouTube video - last updated 11 May 2021
- Ruckcast Special Addition - FragAttacks with Jim Palmer BuzzSprout podcast - last updated 11 May 2021
- RUCKUS Community Discussion
FragAttacks Security Patch Release Schedules - last updated 10 September 2021
||Target Patch Release Date||802.11ax APs||802.11ac |
Wave 2 APs
|802.11ac Wave 1 APs|
* For R730 APs, please upgrade to SmartZone 5.2.2 or to ZoneFlex 10.4.1.
Please review the Release Notes on the RUCKUS Support Portal for specific release build numbers.
Wi-Fi Technology and Access Points Models- last updated 11 May 2021
|RUCKUS SmartZone** and
|188.8.131.52.1640||21 May 2021
||Yes||Yes||26 November 2021|
|184.108.40.206.1080||8 July 2021
|220.127.116.11.788||14 June 2021||Not Applicable*||Yes||10 October 2021|
|3.4.2||15 July 2021
||Not Applicable||Yes||30 October 2021|
|RUCKUS Cloud||21.03 (Rel Notes)||Rolling updates starting 11 May 2021||Yes||Yes||TBD|
|RUCKUS ZoneDirector||10.4.1.0.257||11 May 2021
|10.2.1.0.200||17 May 2021
||17 May 2021
|RUCKUS Unleashed||18.104.22.168.243||11 May 2021||Yes||Yes||TBD|
|22.214.171.124.127||18 May 2021||Not Applicable||Yes||TBD|
|RUCKUS SmartZone (FIPS)** and
Virtual SmartZone (FIPS)**
||12 July 2021
|126.96.36.199.1232||12 July 2021||Not Applicable||Yes||N/A|
Industry Technical Response and Communications
- Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation by Mathy Vanhoef (New York University Abu Dhabi) - 11 May 2021
- FragAttacks : Security Flaws in All Wi-Fi Devices
- Wi-Fi Alliance® Security Update on FragAttacks - 11 May 2021