Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CVE-2022-25667

    Scheduled Pinned Locked Moved
    Wireless
    3
    10
    691
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Antibiotic
      last edited by

      Man-in-the-Middle Attacks without Rogue AP:
      When WPAs Meet ICMP Redirects. Any tips how to avoid this on pfSense with wireless AP point on.

      pfSense plus 24.11 on Topton mini PC
      CPU: Intel N100
      NIC: Intel i-226v 4 pcs
      RAM : 16 GB DDR5
      Disk: 128 GB NVMe
      Brgds, Archi

      R 1 Reply Last reply Reply Quote 0
      • R
        rcoleman-netgate Netgate @Antibiotic
        last edited by

        @antibiotic said in CVE-2022-25667:

        Any tips how to avoid this on pfSense with wireless AP point on.

        Get a dedicated Wireless AP. The built-in WiFi in FreeBSD has almost no support upstream and is thus severely handcuffed in pfSense.

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          That looks like a firmware vulnerability not an issue that would affect FreeBSD/pfSense directly.

          A 1 Reply Last reply Reply Quote 0
          • A
            Antibiotic @stephenw10
            last edited by

            @stephenw10 So, if have wireless AP directly on pfsense box, this will not touch me. Is is corerct?

            pfSense plus 24.11 on Topton mini PC
            CPU: Intel N100
            NIC: Intel i-226v 4 pcs
            RAM : 16 GB DDR5
            Disk: 128 GB NVMe
            Brgds, Archi

            R 1 Reply Last reply Reply Quote 0
            • R
              rcoleman-netgate Netgate @Antibiotic
              last edited by

              @antibiotic We aren't able to tell you one way or the other as this vulnerability appears to be applicable to certain hardware.

              For best wireless experiences you are best suited not using the pfSense to host your wireless and leaving that to a dedicated appliance.

              Ryan
              Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
              Requesting firmware for your Netgate device? https://go.netgate.com
              Switching: Mikrotik, Netgear, Extreme
              Wireless: Aruba, Ubiquiti

              A 1 Reply Last reply Reply Quote 0
              • A
                Antibiotic @rcoleman-netgate
                last edited by

                @rcoleman-netgate Having use pfsense now on old laptop and WiFi working fine with Atheros chip.

                pfSense plus 24.11 on Topton mini PC
                CPU: Intel N100
                NIC: Intel i-226v 4 pcs
                RAM : 16 GB DDR5
                Disk: 128 GB NVMe
                Brgds, Archi

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  What Atheros chip? What firmware version is it running?

                  It's hard to tell from the reports exactly where the issue is. They list chipsets that are wifi cards but also refer to NPUs which seem more like a complete access point device.

                  A 1 Reply Last reply Reply Quote 0
                  • A
                    Antibiotic @stephenw10
                    last edited by

                    @stephenw10 class=0x028000 rev=0x01 hdr=0x00 vendor=0x168c device=0x002b subvendor=0x1a3b subdevice=0x1089
                    vendor = 'Qualcomm Atheros'
                    device = 'AR9285 Wireless Network Adapter (PCI-Express)'

                    pfSense plus 24.11 on Topton mini PC
                    CPU: Intel N100
                    NIC: Intel i-226v 4 pcs
                    RAM : 16 GB DDR5
                    Disk: 128 GB NVMe
                    Brgds, Archi

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      That's not one of the listed chipsets. Probably too old, pre-Qualcom.

                      Might be vulnerable to something else though. WIFI is inherently vulnerable IMO.

                      A 1 Reply Last reply Reply Quote 0
                      • A
                        Antibiotic @stephenw10
                        last edited by

                        @stephenw10 OK , thank you

                        pfSense plus 24.11 on Topton mini PC
                        CPU: Intel N100
                        NIC: Intel i-226v 4 pcs
                        RAM : 16 GB DDR5
                        Disk: 128 GB NVMe
                        Brgds, Archi

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post