new WiFi router security issues.. are we vulnerable?

[lgkahn]

New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises

That guest network you set up for your neighbors may not be as secure as you think.

arstechnica.com

 

[Richard1864]

Well, if you use any of the Amplifi models listed, you're definitely vulnerable. None of them have received firmware updates since May 2024.

As the article clearly states, some vendors have released updates to patch at least some of the flaws. No updates with patches, then you're vulnerable. Netgear isn't well-known for security patching, nor is TP-Link.

 

[Ripshod]

Already posted

News - New AirSnitch attack breaks Wi-Fi encryption in homes, offices, and enterprises

https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/

www.snbforums.com

 

[Tech9]

As proof of concept - it probably works if all the requirements are met and they are many. If it was disclosed perhaps most of it was patched already. As testing methodology I see one flaw. When testing stand-alone AP the hack may eventually go through, but when this AP is part of a Network Controller system it will sound an alarm. Most business oriented systems have Rogue AP Detection and it's a Controller function, not the AP. I have clusters of Cisco APs in use for business and they do have Rogue AP Detection. They list detections, wait for action. In UniFi there is Alarm Manager with selectable events. One of them is called Wi-Fi Impersonation Detection and can be set to send push notifications to cell phone. So this part most likely won't work in typical business environment where sysadmins know what to look for:

“This allows the attacker to set up a rogue RADIUS server and associated rogue WPA2/3 access point, which allows any legitimate client to connect, thereby intercepting their traffic and credentials.”