To all Digi International Customers,
Digi’s Security Team has been reviewing nine related CVEs, more commonly known as Frag Attack. Frag Attack, short for fragmentation and aggregation attacks, is a set of vulnerabilities that an adversary within range of a victim's Wi-Fi network can abuse to steal user information or attack devices.
These vulnerabilities are difficult to exploit because most require a combination of injecting 802.11 frames, successfully completing a MITM attack, and socially engineering the victim into bypassing browser warnings about a link or visiting a site hosted by a malicious server. For all of the above to succeed, the attacker would need to be sophisticated, onsite, and armed with specialized hardware and software. The Digi Security Team has found that many vendors have released patches or ways to mitigate these CVEs. Listed below are recommended ways to mitigate the Frag Attack vulnerabilities on Digi International devices.
To mitigate Frag Attack, Digi suggests doing the following:
If any further vulnerability paths have been discovered regarding the Wi-Fi Frag Attack, please submit the vulnerability on our Digi Security Notification site. To ensure communication, please submit your email address with the form.
Digi International Security Team
Digi International Devices
Enterprise (DAL OS)
1, 2*, 3a c
Industrial (DAL OS)
Transportation (DAL OS)
TX54 (all variants)
TX64 (all variants)
Infrastructure Management (DAL OS)
AnywhereUSB 8 Wi-Fi Plus
AnywhereUSB 24 Wi-Fi Plus
Connect EZ 4
Legacy (DAL OS)
Embedded (DEY and DEA)
All ConnectCore SOMs,
Digi Embedded Yocto (DEY),
Digi Embedded Android (DEA)
1 (customer to enforce HTTPS configuration)
2 (WPA3 personal for all DEY) (WPA3 Enterprise for CC6UL & CCMP157) °
Infrastructure Management Framework (IMF)
WVA (all variants)
1, 2b, 3c
Z45 Wi-Fi Industrial Controllers
°More devices/platforms will be added throughout the year.