Re: Firmware update or OS?
After a read through the (now published) details and paper, another lucky save is that this is a [strong]client[/strong] attack. So unless you are running your routers in a client configuration (like as a repeater) or have fast roaming enabled on them, this does not have any effect.
It's just OSs that need patching, so your PCs, phones and other devices.
It also requires that the attacker is [emphasis]already on the WiFi as a client[/emphasis], i.e. already knows your WPA2 key / has a WPA enterprise connection.
The patch is also fully backwards compatible, so unpatched devices can communicate with patched ones on the same network.
The big patching headache is going to be all the specialist devices used in business and industry that don't receive vendor patches or are a massive pain to patch, and any old home gear lying around that has reached vendor imposed obsolescence - though someone being able to crack the encryption on the connection your WiFi radio uses is unlikely to be a problem.