IPv6 firewall missing on Deco S1900 - serious security vulnerability
Hi all,
I am configuring a Deco mesh system in conjunction with Starlink Gen3 router in bypass mode.
Starlink gives public IPv6 addresses to every customer.
I enabled IPv6 on the Deco and configured the network so that clients can receive and use IPv6 addresses.
I used SLAAC and RDNSS so that also Android clients can obtain public addresses.
All works fine since this and IPv6 website and services can be used.
I then discovered a SERIOUS SECURITY ISSUE with the current firmware.
There is NO FIREWALL at the moment protecting the devices from the Internet.
Any open port on each device is accessible from the outside.
Every inbound connection to each IPv6 address is forwarded to the device.
I suggest a new firmware is developed blocking all inbound connections by default and then allowing the user to forward desired ports (like is available for IPv4 right now).
For the moment, until the issue is resolved, I've disabled IPv6 on the network for security reasons.
Many thanks and best regards
Skinoku
Hi, thank you very much for the feedback.
It should be the opposite. Deco is blocking all the inbound IPV6 connections, and you need extra port forwarding to access the internal IPV6 devices.
Wait for your reply.
Best regards.