Associated CVE IDs:
Associated CERT/CC VU number: VU#228519
Arlo is aware of WPA-2 security vulnerabilities (known as KRACK attacks) that affect some Arlo products that connect to WiFi networks as clients. These vulnerabilities are potentially exploitable under the following conditions:
If these vulnerabilities are exploited, an attacker could potentially perform the following type of attack, among others:
Arlo camera feed traffic is encrypted and remains protected.
These WPA-2 vulnerabilities affect the following products:
For all Arlo products, firmware updates are sent to your devices automatically. You do not need to update your firmware manually.
Arlo will update this advisory when more information is available.
This document is provided on an "as is" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document or materials linked from the document is at your own risk. Arlo reserves the right to change or update this document at any time. Arlo expects to update this document as new information becomes available.
Mathy Vanhoef (https://www.krackattacks.com/)
Common Vulnerability Scoring System
CVSS v3 Rating: Medium
CVSS v3 Score: 6.8
CVSS v3 Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
We appreciate and value having security concerns brought to our attention. Arlo constantly monitors for both known and unknown threats. Being proactive rather than reactive to emerging security issues is fundamental for product support at Arlo.
To report a security vulnerability, visit https://www.arlo.com/en-us/about/security/default.aspx.
If you are an Arlo customer with a security-related support concern, you can contact Arlo customer support at firstname.lastname@example.org.