Frag Attack Vulnerability Information

FragAttacks (fr*agmentation and *ag*gregation *attacks) which is a collection of new security vulnerabilities that affect Wi-Fi devices. An adversary that is within range of a victim's Wi-Fi network can abuse these vulnerabilities to steal user information or attack devices. 

Recently, a set of Wi-Fi vulnerabilities, commonly known as “Frag Attacks” were identified. Zebra is aware of these vulnerabilities and is scoping the impact to our products (i.e. handhelds, scanners, and printers).

Zebra devices use Wi-Fi radios provided by third party suppliers. Addressing these vulnerabilities will require an update to these third-party radios. Currently, Zebra is awaiting information from these vendors on their update plans. As this information becomes available, Zebra will update this notice with details on affected products and mitigation plans.

For more information, please click here.

SUPPORT PAGES FOR IMPACTED PRODUCTS:

Operating System Affected Product Release Date
Android 11 All Product 30th September 2021
Android 10 All Product 13th June 2021
Android 9 Handheld computer models: EC30, EC50, EC55, MC9300, MC2200, MC2700, PS20
Touch computer models: TC21, TC26, TC52, TC52x, TC57, TC57x, TC72, TC77, TC8300
Tablets: ET51, ET56, L10
Wearable: WT6300
RFID scanner: MC3300x
Health Care Touch computers models: TC21-HC, TC26-HC, TC52-HC, TC52x-HC
Vehicle-mounted device: VC8300
Interactive kiosks: CC600, CC6000
31st October 2021
Android 8.1 Handheld computer models: EC30, EC50, EC55, MC9300, MC2200, MC2700, PS20
Touch computer models: TC21, TC26, TC52, TC52x, TC57, TC57x, TC72, TC77, TC8300
Tablets: ET51, ET56, L10
Wearable: WT6300
RFID scanner: MC3300x
Health Care Touch computers models: TC21-HC, TC26-HC, TC52-HC, TC52x-HC
Vehicle-mounted device: VC8300
Interactive kiosks: CC600, CC6000
30th September 2021
N/A Zebra Printer with Wi-Fi TBD
N/A Zebra Scanners with Wi-fi TBD

Disclaimer: Zebra makes every attempt to release security updates on or about the time that Google releases its respective security bulletin. However, delivery time of security updates may vary depending on the region, product model, and third party software suppliers. Under some circumstances, the OS must be updated to the latest maintenance release prior to installing the security updates. Individual product updates will provide specific guidance.

Unless otherwise noted, there have been no reports of active customer exploitation or abuse from these newly reported issues.



Are you aware of a potential security issue with a Zebra Technologies product?