Archer C7 v5 is emitting a hidden network
Hello,
my Archer C7 v5 is emitting a hidden wifi network that I can't explain.
According to a wifi network analyzer, it's MAC address is identical to the MAC addresses of the 2.4 and 5 GHz network, except that the first 6 entries are AA:DA:C4 instead of the TP-link associated 98:DA:C4. The hidden network has same maxium speed of 216.7 Mbps as the 2.4 Ghz network and allows authentication via WPA2 PSK-CCMP.
The hidden network exists independent of the operation mode (Acess Point or Router) and also if both the 2.4 GHz and 5 GHz networks are disabled.
Any ideas what that is?
Best,
Frederik
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
mocelet wrote
@Kevin_Z As others have pointed out, enabling an unknown and not needed network is a potentially huge security issue. What could go wrong? Exactly, if there's any vulnerability in the OneMesh protocol we are sold even if we don't use the feature at all or prefer to use a wired backhaul (which is not even supported, it was an example).
It's like UPnP, WPS (both the infamous PIN mode and the button) and all these features that are supposed to ease the operation of products but in the end they reduce the overall security of your network. Use them if you want, that's fine, but the option to disable them should be there for more security conscious users.
For once, I'm happy the EU version of my Archer C6 has no OneMesh features... and guess I won't upgrade the firmware till there is an option to turn the offending network off.
@mocelet
They actually found a vulnerability related to OneMesh during Pwn2Own (link: www dot zerodayinitiative dot com/blog/2020/4/6/exploiting-the-tp-link-archer-c7-at-pwn2own-tokyo), it can only be exploited by attacker on the LAN side of the router. TP-Link already released a firmware to address this problem.
But since at the hacking contest, they only target one type of router (Archer A7 v5), TP-Link didn't release firmware for other models.
I don't work on infosec, so I'm not sure if this vulnerability can also be exploited on their other routers.
But I'm kinda worried to be honest. For example, the Archer C7 v5 and A7 v5 models have identical hardware, but they didn't release any firmware for C7.
- Copy Link
- Report Inappropriate Content
I'd expect a product to allow me to disable/enable features however I wish.
That's basic really.
You can't broadcast a wireless communication without an explicit consent of the consumer.
- Copy Link
- Report Inappropriate Content
@lemon That vulnerability is quite interesting, and as usual it comes from a hidden endpoint the user doesn't even know about: Tether app does not communicate through HTTP API but its own custom UDP protocol that apparently doesn't require authentication for some commands. That's... obscure.
See, hidden features and non standard ways to do stuff are always a security risk.
Plus turns out it's the OneMesh control part the one vulnerable, even if you don't use OneMesh.
So, please @Kevin_Z , convince your engineers that OneMesh features should be disabled if the customer does not want to use OneMesh. The fact that Access Point mode also has this weird wireless network when it is not even compatible with OneMesh looks like a bug too, like others pointed out.
- Copy Link
- Report Inappropriate Content
the hiden SSID is for wireless backhaul between the mesh dots. There is nothing to worry about it.
I observed same phenonmenon of NETGEAT/ASUS mesh dots.
If you ready EasyMesh protocol which is standardlized by WiFi Alliacne carefully, you will find they deploy mesh wireless backhaul using the same mechanisim.
I cannot post URL here, you can can go to WiFi Alliacne website and find it by yourselves if you have interest.
- Copy Link
- Report Inappropriate Content
@matthew.mfden The point we are discussing is that, if you don't have a mesh, there's absolutely no need to have an always on active wireless network that could turn into a security vulnerability.
Plus, even in access point mode (which does NOT support OneMesh) there is that active WiFi network for no reason.
Of course, if you do have a mesh system it's easy to understand it's the wireless backhaul. If you don't, there's no need for any backhaul.
- Copy Link
- Report Inappropriate Content
@Kevin_Z could you please start answering to the messages and threads? Calling the TP-Link support is pointless, as there are only people with very basic knowledge sitting, mostly for sales reasons.
- Copy Link
- Report Inappropriate Content
Hi All,
Sorry for my delay reply. Thank you for your concerns and suggestions.
The hidden SSID is for OneMesh and it's very safe. It doesn't have any security vulnerabilities.
I will forward these feedbacks to our product team.
- Copy Link
- Report Inappropriate Content
@Nn7 I have just updated mine, and have those hidden ssids. But the biggest problem for me is that the channel selection I have is not respected. I want channel 13 (less use in my zone), and router takes channel 6!!
- Copy Link
- Report Inappropriate Content
@Kevin_Z I have with the Archer A7 a similar problem: https://community.tp-link.com/en/home/forum/topic/205296?replyId=434324. Even when turning off the 2,4 GHz radio network the Archer A7 is emitting a hidden network on the 2,4 GHz.
That is in my opinion definitely a bug and not a feature. "Disable the radio" means disabling it not only hiding the SSID.
In general it should be possible to deaktivate the onemesh feature: Any feature as some security risk, there is nothing like a 100% secure technology.
If this will not be fixed I will just return the router to the dealer...
- Copy Link
- Report Inappropriate Content
@Kevin_Z I own an Archer C6 v2.0 and this hidden network is really annoying. I have tried downgrading with tftpd32 but the router refuses the older firmware version...
In addition to a possible security risk, i don't have a mesh system and don't intent to have one, i just need that network disabled!
btw: like some said, after reboot the wifi channel selection is not respected in this router too.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 10
Views: 67489
Replies: 105