Wireless Krack Vulnerability
Zyxel is aware of the recently found key management vulnerabilities of the WiFi Protected Access II (WPA2) security protocol, as identified in US-CERT vulnerability note VU#228519, with vulnerable IDs CVE-2017-13077 through CVE-2017-13082.
What are the vulnerabilities?
These vulnerabilities affect wireless products that connect to WiFi networks in different ways, depending on the role of products as WiFi clients or servers, as described in Zyxel's Security Advisory - click here
It is important to note that the vulnerability is discovered in the protocol itself, so even a correct implementation is affected.
Mikrotik have already released fixed versions that address the outlined issues. Not all of the discovered vulnerabilities directly impact RouterOS users, or even apply to RouterOS, but we did follow all recommendations and improved the key exchange process according to the guidelines we received from the organizations who discovered the issue.
Mikrotik released fixed versions last week, so if you upgrade your devices routinely, no further action is required.