mocelet wrote

@Kevin_Z As others have pointed out, enabling an unknown and not needed network is a potentially huge security issue. What could go wrong? Exactly, if there's any vulnerability in the OneMesh protocol we are sold even if we don't use the feature at all or prefer to use a wired backhaul (which is not even supported, it was an example).

 

It's like UPnP, WPS (both the infamous PIN mode and the button) and all these features that are supposed to ease the operation of products but in the end they reduce the overall security of your network. Use them if you want, that's fine, but the option to disable them should be there for more security conscious users.

 

For once, I'm happy the EU version of my Archer C6 has no OneMesh features... and guess I won't upgrade the firmware till there is an option to turn the offending network off.

@mocelet 

They actually found a vulnerability related to OneMesh during Pwn2Own (link: www dot zerodayinitiative dot com/blog/2020/4/6/exploiting-the-tp-link-archer-c7-at-pwn2own-tokyo), it can only be exploited by attacker on the LAN side of the router. TP-Link already released a firmware to address this problem.

But since at the hacking contest, they only target one type of router (Archer A7 v5), TP-Link didn't release firmware for other models.

I don't work on infosec, so I'm not sure if this vulnerability can also be exploited on their other routers. 
But I'm kinda worried to be honest. For example, the Archer C7 v5 and A7 v5 models have identical hardware, but they didn't release any firmware for C7.
 

@Kevin_Z 

I'd expect a product to allow me to disable/enable features however I wish.
That's basic really.

You can't broadcast a wireless communication without an explicit consent of the consumer.

@lemon That vulnerability is quite interesting, and as usual it comes from a hidden endpoint the user doesn't even know about: Tether app does not communicate through HTTP API but its own custom UDP protocol that apparently doesn't require authentication for some commands. That's... obscure.

See, hidden features and non standard ways to do stuff are always a security risk.

Plus turns out it's the OneMesh control part the one vulnerable, even if you don't use OneMesh.

So, please @Kevin_Z , convince your engineers that OneMesh features should be disabled if the customer does not want to use OneMesh. The fact that Access Point mode also has this weird wireless network when it is not even compatible with OneMesh looks like a bug too, like others pointed out.

@Aquafox 

the hiden SSID is for wireless backhaul between the mesh dots. There is nothing to worry about it.

I observed same phenonmenon of NETGEAT/ASUS mesh dots.

If you ready EasyMesh protocol which is standardlized by WiFi Alliacne carefully, you will find they deploy mesh wireless backhaul using the same mechanisim.

I cannot post URL here, you can can go to WiFi Alliacne website and find it by yourselves if you have interest.

@matthew.mfden The point we are discussing is that, if you don't have a mesh, there's absolutely no need to have an always on active wireless network that could turn into a security vulnerability.

Plus, even in access point mode (which does NOT support OneMesh) there is that active WiFi network for no reason.

Of course, if you do have a mesh system it's easy to understand it's the wireless backhaul. If you don't, there's no need for any backhaul.

@Kevin_Z could you please start answering to the messages and threads? Calling the TP-Link support is pointless, as there are only people with very basic knowledge sitting, mostly for sales reasons. 

@Nn7 I have just updated mine, and have those hidden ssids. But the biggest problem for me is that the channel selection I have is not respected. I want channel 13 (less use in my zone), and router takes channel 6!!

@Kevin_Z I have with the Archer A7 a similar problem: https://community.tp-link.com/en/home/forum/topic/205296?replyId=434324. Even when turning off the 2,4 GHz radio network the Archer A7 is emitting a hidden network on the 2,4 GHz.

That is in my opinion definitely a bug and not a feature. "Disable the radio" means disabling it not only hiding the SSID.

In general it should be possible to deaktivate the onemesh feature: Any feature as some security risk, there is nothing like a 100% secure technology.

If this will not be fixed I will just return the router to the dealer...

@Kevin_Z I own an Archer C6 v2.0 and this hidden network is really annoying. I have tried downgrading with tftpd32 but the router refuses the older firmware version...

In addition to a possible security risk, i don't have a mesh system and don't intent to have one, i just need that network disabled!

btw: like some said, after reboot the wifi channel selection is not respected in this router too.