These are the router makers that have patched KRACK WPA2 Wi-Fi flaws

Router Ports
Router Ports (Image credit: Windows Central)

An exploit that has taken the "protected" out of Wi-Fi Protected Access II (WPA2) means that your wireless network is likely not as safe as you once thought. What security researcher Mathy Vanhoef is calling "KRACK" attacks the handshake portion of the WPA2 protocol. Mobile Nations Senior Editor Jerry Hildenbrand put together a comprehensive guide on exactly how the exploit works and how you can protect yourself, also mentioning some information on patches containing a fix. To help you stay on top of which vendors are patching the vulnerability, we rounded them up here.

Router vendors that have issued KRACK patches

As mentioned in Hildenbrand's article, the best way to protect yourself from this exploit is to not use Wi-Fi at all until a proper fix has been proven. CERT has released notes on the KRACK problem, including a list of vendors whose equipment is vulnerable.

Some security-minded companies have already worked on fixes and are offering patches for both client and router. Check back often, as we will keep this list updated.

There are also a number of vendors listed as "Not affected" on the CERT website without further explanation from the vendors themselves. These include:

Furthermore, some companies have posted bulletins regarding their products that weren't affected.

Last updated: October 20, 2017, 12:21 pm EDT

Cale Hunt
Senior Editor, Laptop Reviews

Cale Hunt is a Senior Editor at Windows Central. He focuses mainly on laptop reviews, news, and accessory coverage. He's been reviewing laptops and accessories full time since 2016, with hundreds of reviews published for Windows Central. He is an avid PC gamer and multi-platform user, and spends most of his time either tinkering with or writing about tech.

39 Comments
  • This should be relevant at WINDOWS central, right? https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-secur...
  • That's a short list of patched brand/models. So basically every consumer Wi-Fi router in existence is effected. F'ing wonderful.
  • Yep, no one is invulnerable. Patches or buying a newer router are the only options.
  • From what I gather a patch for the OS should be sufficient and patching the router is only going to help when using the router as a wireless client?
    This due to the fact that it is replaying messages to the client in the handshake process, not the router itself. Why buying a new router would help, I do not understand...
  • Hopefully TP-Link updates the Archer C9 model. The V1 and V3 models haven't seen an update in a year according to their support section.
  • TP-Link don't even appear to be listed on the site listing vulnerable companies? Sounds like they are not a priority. Bit of a worry as my father has one of their routers as suggested by me for a bargain unit that does alright. Why aren't they even listed I wonder?
  • If you're referring to the list on this page, that's a list of companies that have patched the issue or will with a future update. There is a short list of routers that aren't affected at all. The list is being updated regularly. Half the list wasn't there earlier today.
  • Yea, TP-LINK have now been added. No other info though. None for Netgear either, which I have (box owned by cable company). So as far as my father and I are concerned, it's no wifi for you. What a mess.
  • Also Archer C7 has no patched firmware update available (the latest firmware version is from 2015, and I already had it). This is weak from what is the leading Chinese router supplier, since they should have been aware of this vulnerability for some time. I have always been very happy with TP-Link routers, but this is cause for concern. I hate unhelpful suggestions for Android users to "apply the patch". Exactly HOW is that supposed to be done then?
  • I have the archer c7 and you can put open-wrt/LEDE, dd-wrt or gargoyle custom firmwares on it (although US models on latest firmware cannot load custom firmware because the FDA banned it). Mine runs gargoyle who are currently testing the patch
  • Johan, there are more recent firmware available for your Archer C7, you can find them here: http://www.tp-link.com/us/download/Archer-C7.html#Firmware. Sadly, the one w/a fix for KRACKs is still not available.
  • TP-Link posted a message on their support site about KRACK and I got an email response from them. The Archer C9 (and other routers but check your model to be sure) is protected as long as it's in the default router mode or AP mode then you're already safe and don't need an update. You should still check their website to see if there is a newer firmware version than what you have isntalled.
  • I guess I have to wait for dd-wrt to be patched
  • The list was updated, and it looks like DD-wrt was added.
  • OpenWRT LEDE has a fix https://git.lede-project.org/?p=source.git;a=commit;h=bbda81ce3077dfade2...
  • Appreciate it.
  • So...  Clickbait titles still?  This is client based from what I saw.  Meaning, the router can't fix it afaik.  Is it client based or router based?
  • Both. You need to update your devices and router to be fully secured. Windows 10 was updated last Tuesday.
  • The issue is that router OEM's are notorious for neglecting products with security patches, especially older routers.
  • Only if the Router/AP supports client-mode AFAIK. If it only supports AP-mode it won't make a difference?
  • The list which you have given is very small, where is d-link router. What is the status?
  • Their list is just to say what companies already have patches/updates available and a few that aren't affected somehow. Feel free to go on D-link's site and see if they recently released an update. comment back here if they have so WC can update this list.
  • D-Link doesn't consider this an issue with Routers or Access Points, and makes the point you should update your client devices.  Note from their website: Regarding security updates for my  Wi-Fi Access Points, Wi-Fi Routers, or Wi-Fi Gateways? The primary security risk is an attack against the "4-way handshake" in WPA2 between Wi-Fi access points and Wi-Fi client devices. This attack does not present a risk to Wi-Fi access points, consumer Wi-Fi routers and gateways, but instead targets clients devices . For consumers users, your priority should be updating devices such as laptops and smartphones.
  • D-Link have subsequently changed their response- see http://www.dlink.com/uk/en/support/support-news/2017/october/18/response-to-krack-wpa2-key-reinstallation-attack-security-vulnerability. At the time that I am writing this, they state "This security concern appears to be an industry-wide issue that will require firmware patches to be provided from the relevant semiconductor chipset manufacturers. Therefore, D-Link requested their assistance and, as soon as the firmware patches are received, they will be posted on our websites." By the time that you are reading this, their response may be more concrete. They also currently provide the following recommendation: "In the meantime, we highly recommend our customers to protect their privacy by using encrypted communications protocols such as VPN or HTTPS, especially when delivering confidential information. Please keep checking our website for the newest firmware updates."
  • I didn't see Linksys on the list of affected routers. Are they not affected?
  • Their list is just to say what companies already have patches/updates available and a few that aren't affected somehow. The article is very clear about this. Feel free to go on Linksys's site and see if they recently released an update. comment back here if they have so WC can update this list.
  • Belkin is listed as Unknown which bought Linksys a few years ago...
  • Just did a search and didn't realized Cisco had sold Linksys to Belkin.  I thought they still owned them.
  • The image used for this story is the back of a BT router, but BT isn't in the list of fixed or vulnerable manufacturers! I hate that sloppy reporting.
  • talk about your nit-picking!
  • How is it nit-picking? I've got one of those routers.
  • Does anyone know which Netgear routers are affected, like the 7900 or others?
  • So is TP-Link just not gonna bother or what?
  • it's better to install dd-wrt or openwrt on your tp-link router. most of tp-link routers are supported. you can check if your router is supported here. http://www.dd-wrt.com/site/support/router-database
  • This flaw has been resolved but hackers will always find ways to break into your system to steal information/data or for whatever they want. We need to take all the necessary precautions. A few are listed here: https://www.windowscentral.com/e?link=https2F%2Fclick.linksynergy.co...
  • Great list.  Broadcom, Realtek, Mediatek, Qualcomm WLAN chipsets are also in our fleet. They are not on your list!
  • Official Communication from OpenMesh (OpenMesh APs)
    In reference to Security Notice: Key Reinstallation Attack.
    Fix:
    A new version of 6.3 firmware (6.3.16) was pushed Tuesday, October 17. An update to 6.4 firmware (6.4.2) will be available soon.
  • I get my WAN through an AT&T modem/router so I reckon I am vulnerable there. I have a ASUS RT-AC3100 router that I haven't added to my system yet, still in the box. Can this be used as an additional layer to keep things safe? I came so close to getting the Synology one with similar specs just because of their reputaton. I expect CPU and GPU to be obsolete as soon as I add them to a unit but who woulda guessed that a month after a router purchase that it would be so last-year..
  • You have a great router, but the main issues are your devices or the clients that link to your router, and if you used free WiFi when out and about.  Note-your router can  be setup to be a VPN server that you can use when at home or anywhere- creating secure tunnel to negate Krack. But might not allow network links to other devices on network.... Note.  Also you can change the firmware on the Asus to use WRT Merlin software which is cleaner and updated quicker.  But update devices when patches are available or replace older devices with new ones that can update when patches are available.  Am Android guy but feel have to recommend people buy Apple iDevices as they at least get updates past 2 years, and quicker than people like Samsung. Who I love, but they don't update or patch well.  Windows 7,8 and 10 already patched so update.  Hope this helps.  NOTE- other routers can also use 3rd party software wrt-dd etc. Google your router.  Take care when using free VPN supplier as they may log your Internet usage and sell that. Better to use your own. Either on router, computer, or cloud server. Speed will depend on your Internet isp if at home.