TI Product Security Incident Response Team (PSIRT) has analyzed a series of aggregation and fragmentation attacks
against Wi-Fi® devices as published by Mathy Vanhoef and found that TI Wi-Fi components in the CC3xxx and WL18xx
families are potentially vulnerable only to a subset of the attacks. These attacks could potentially lead to
issues such as injection of arbitrary packets. These attacks require physical proximity to the target Wi-Fi devices
and are complicated to exploit. Please reference TI PSIRT security advisory TI-PSRIT-2020-090066 and this
document for additional details.
Affected products and versions
- SimpleLink
Wi-Fi CC323x / CC313x Service Pack 4.9.0.2_3.7.0.1_3.1.0.26 and older - SimpleLink Wi-Fi CC322x / CC312x Service Pack 3.18.0.2_2.7.0.0_2.2.0.7 and older
- SimpleLink Wi-Fi CC320x / CC310x Service Pack 1.0.1.15-2.13.0.2 and older
- WL18xx FW version 8.9.0.0.87 and older
Suggested mitigations
TI has released software updates for both product families that address these potential vulnerabilities. It is
recommended that customers apply the software updates as they become available. The updates have been
released in the following deliverable versions:
- SimpleLink Wi-Fi CC323x / CC313x Service Pack 4.10.0.1_3.7.0.1_3.1.0.26
– Download from the following link: https://www.ti.com/tool/SIMPLELINK-CC32XX-SDK
- SimpleLink Wi-Fi CC322x / CC312x Service Pack 3.19.0.1_2.7.0.0_2.2.0.7
– Download from the following link: https://www.ti.com/tool/SIMPLELINK-CC32XX-SDK
- SimpleLink Wi-Fi CC320x / CC310x Service Pack 1.0.1.15-2.14.0.0
– Download from the following links: https://www.ti.com/tool/download/CC3200SDK
and https://www.ti.com/tool/download/CC3100SDK
- WL18xx FW version 8.9.0.0.88
– Download from the following link: https://git.ti.com/cgit/wilink8-wlan/wl18xx_fw/tree/
