Page 1 of 2 1 2 LastLast
Results 1 to 10 of 19
  1. #1
    New ROGer Array TechGuy42 PC Specs
    TechGuy42 PC Specs
    Laptop (Model)HP ENVY 17m-ae011dx
    Motherboard834D
    Processori7-7500U @ 2.70GHz
    Memory (part number)16GB
    Graphics Card #1Intel Onboard HD Graphics 620
    Graphics Card #2NVIDIA GeForce 940MX
    Headset Arctis 9x
    OS Windows 10 Home
    Network RouterAXE11000

    Join Date
    Jun 2021
    Reputation
    8
    Posts
    26

    Exclamation Major Security Flaw in AI-Mesh using AXE11000 as primary with non 6GHz nodes

    After further troubleshooting this issue, I changed the WiFi 6 SSID so all 3 radios should broadcast separate SSIDs... after resetting and re-configuring the node, it started broadcasting the AXE11000's 6 GHz WiFi SSID as the node's 5GHz SSID but as an open network. Now that this open network has a unique SSID, I was able to connect to it and it gave me an internet connection.

    I feel this is a major security risk to anyone using a non WiFi 6 node with the AXE11000 as the primary, its quite easy for this to go unnoticed especially if someone uses the same SSID for all three radios. Customer service could care less... someone will contact me "within 48 hours" and I've heard that on 4 separate calls this past week but their last email was 2 weeks ago

    Nearly $600 for this router and you'd think their support would put more urgency to squashing security related bugs

    For reference, here is the thread detailing how I discovered this and what the expected behavior should be
    Last edited by TechGuy42; 08-21-2021 at 04:59 PM.

  2. #2
    ROG Guru: Orange Belt Array Saltgrass PC Specs
    Saltgrass PC Specs
    MotherboardMaximus XIII Hero
    Processori9 11900K
    Graphics Card #1EVGA RTX 3090 FTW
    Sound CardOn Board
    MonitorDell AW3420DW
    Storage #1Samsung 980 Pro 2 TB
    Storage #2Samsung 860 Pro 1 TB
    CPU CoolerCooler Master Hyper 212X
    CaseCooler Master
    Power SupplyAntec HCP Platinum 1000
    Keyboard ASUS Strix Flare
    Mouse ASUS Chakram
    Headset/Speakers Logitech wired 5.1
    OS Win 10 Pro
    Network RouterROG Rapture GT-AX11000/AXE11000
    Accessory #1 VR Headset
    Accessory #2 Saitek X52

    Join Date
    Jan 2014
    Reputation
    18
    Posts
    408

    What you are pointing out has been known for a while. But since your mesh notes cannot see the 6 GHz radio, it is doing something else, possibly related to the Back Channel. If you figure it out for sure, let us know.

    Having an unsecured 6 GHz radio might cause you problems if someone has a phone with that capability. I keep mine set to WPA3 so a user has to have a password to get on that network.

    As an update to everyone, I am now on Windows 11 (21H2) and even though the announcement about Win 11 states 6 GHz capability has been included, I still cannot get my computer to set up the radio without the registry mod. or sign in using the password option..

  3. #3
    New ROGer Array TechGuy42 PC Specs
    TechGuy42 PC Specs
    Laptop (Model)HP ENVY 17m-ae011dx
    Motherboard834D
    Processori7-7500U @ 2.70GHz
    Memory (part number)16GB
    Graphics Card #1Intel Onboard HD Graphics 620
    Graphics Card #2NVIDIA GeForce 940MX
    Headset Arctis 9x
    OS Windows 10 Home
    Network RouterAXE11000

    Join Date
    Jun 2021
    Reputation
    8
    Posts
    26

    Quote Originally Posted by Saltgrass View Post
    Having an unsecured 6 GHz radio might cause you problems if someone has a phone with that capability. I keep mine set to WPA3 so a user has to have a password to get on that network.
    I think I'm not explaining myself well, there is no issue with the AXE11000 6GHz... it puts a password if I set it to wpa3 and type one in, I just dont have any devices to connect to 6GHz yet so I've turned off the 6GHz radio on the AXE11000.

    The issue is that the mesh node (AC68U) is broadcasting an open 5GHz network when its set to be wpa2... and this network SSID matches whats typed in on the AXE11000 6GHz radio, so the node (AC86U) is also broadcasting the incorrect SSID with no way to change either setting. I can only turn off WiFi 5 on the node (AC68U) so that nobody can connect to the open network

  4. #4
    ROG Guru: Orange Belt Array Saltgrass PC Specs
    Saltgrass PC Specs
    MotherboardMaximus XIII Hero
    Processori9 11900K
    Graphics Card #1EVGA RTX 3090 FTW
    Sound CardOn Board
    MonitorDell AW3420DW
    Storage #1Samsung 980 Pro 2 TB
    Storage #2Samsung 860 Pro 1 TB
    CPU CoolerCooler Master Hyper 212X
    CaseCooler Master
    Power SupplyAntec HCP Platinum 1000
    Keyboard ASUS Strix Flare
    Mouse ASUS Chakram
    Headset/Speakers Logitech wired 5.1
    OS Win 10 Pro
    Network RouterROG Rapture GT-AX11000/AXE11000
    Accessory #1 VR Headset
    Accessory #2 Saitek X52

    Join Date
    Jan 2014
    Reputation
    18
    Posts
    408

    Quote Originally Posted by TechGuy42 View Post
    I think I'm not explaining myself well, there is no issue with the AXE11000 6GHz... it puts a password if I set it to wpa3 and type one in, I just dont have any devices to connect to 6GHz yet so I've turned off the 6GHz radio on the AXE11000.

    The issue is that the mesh node (AC68U) is broadcasting an open 5GHz network when its set to be wpa2... and this network SSID matches whats typed in on the AXE11000 6GHz radio, so the node (AC86U) is also broadcasting the incorrect SSID with no way to change either setting. I can only turn off WiFi 5 on the node (AC68U) so that nobody can connect to the open network
    Sometimes it is hard to understand certain aspects of the settings. But I can put a password in the 6 GHz radio, I just can't sign in to that from my computer. It says the radio is using an out of date security and just won't connect. I can use the 6 GHz Radio if I leave it open with the Enhanced Open option..

    Are you using Ethernet Back Haul? If you aren't then the 86U has to connect to the AXE11000 with one of it two radios..and you can check how good that connection is.. I start getting confused about this time because I am not that familiar with how the Mesh works. But I do know Ethernet does show a network SSID when connected from a computer..

    When you get a new Wi-Fi card and Microsoft or Intel turn on the 6 GHz radio on our systems, maybe will have a better idea of what is happening.

  5. #5
    ROG Enthusiast Array
    Join Date
    Apr 2020
    Reputation
    32
    Posts
    68

    open ssid

    Quote Originally Posted by TechGuy42 View Post
    After further troubleshooting this issue, I changed the WiFi 6 SSID so all 3 radios should broadcast separate... after resetting and re-configuring the node, it started broadcasting the AXE11000's 6 GHz WiFi SSID as the node's 5GHz SSID but as an open network. Now that this open network has a unique SSID, I was able to connect to it and it gave me an internet connection.

    I feel this is a major security risk to anyone using a non WiFi 6 node with the AXE11000 as the primary, its quite easy for this to go unnoticed especially if someone uses the same SSID for all three radios. Customer service could care less... someone will contact me "within 48 hours" and I've heard that on 4 separate calls this past week but their last email was 2 weeks ago

    Nearly $600 for this router and you'd think their support would put more urgency to squashing bugs
    Did your issue like this thread? https://rog.asus.com/forum/showthrea...Only-quot-SSID

  6. #6
    New ROGer Array TechGuy42 PC Specs
    TechGuy42 PC Specs
    Laptop (Model)HP ENVY 17m-ae011dx
    Motherboard834D
    Processori7-7500U @ 2.70GHz
    Memory (part number)16GB
    Graphics Card #1Intel Onboard HD Graphics 620
    Graphics Card #2NVIDIA GeForce 940MX
    Headset Arctis 9x
    OS Windows 10 Home
    Network RouterAXE11000

    Join Date
    Jun 2021
    Reputation
    8
    Posts
    26

    Quote Originally Posted by Saltgrass View Post
    Are you using Ethernet Back Haul?
    Yes

    Heres my attempt at a visual of how it should broadcast like this:
    EXPECTED BEHAVIOR
    (AXE11000) Primary
    2.4 SSID- A password protected
    5 SSID- B password protected
    6 SSID- C password protected

    (RT-AC68U) Node
    2.4 SSID- A password protected
    5 SSID- B password protected

    However, it behaves like this:
    UNEXPEXTED BEHAVIOR
    (AXE11000) Primary
    2.4 SSID- A password protected
    5 SSID- B password protected
    6 SSID- C password protected

    (RT-AC68U) Node
    2.4 SSID- A password protected
    5 SSID- C open network

    As you can see, AC68U broadcasting SSID C when it should be broadcasting SSID B, because SSID C is configured for the 6GHz radio on the AXE11000
    Last edited by TechGuy42; 07-20-2021 at 10:57 PM.

  7. #7
    New ROGer Array TechGuy42 PC Specs
    TechGuy42 PC Specs
    Laptop (Model)HP ENVY 17m-ae011dx
    Motherboard834D
    Processori7-7500U @ 2.70GHz
    Memory (part number)16GB
    Graphics Card #1Intel Onboard HD Graphics 620
    Graphics Card #2NVIDIA GeForce 940MX
    Headset Arctis 9x
    OS Windows 10 Home
    Network RouterAXE11000

    Join Date
    Jun 2021
    Reputation
    8
    Posts
    26

    Quote Originally Posted by wilsondenq View Post
    No, that is a separate issue, another thread I made to keep each issue separate to its own thread

  8. #8
    ROG Guru: Orange Belt Array Saltgrass PC Specs
    Saltgrass PC Specs
    MotherboardMaximus XIII Hero
    Processori9 11900K
    Graphics Card #1EVGA RTX 3090 FTW
    Sound CardOn Board
    MonitorDell AW3420DW
    Storage #1Samsung 980 Pro 2 TB
    Storage #2Samsung 860 Pro 1 TB
    CPU CoolerCooler Master Hyper 212X
    CaseCooler Master
    Power SupplyAntec HCP Platinum 1000
    Keyboard ASUS Strix Flare
    Mouse ASUS Chakram
    Headset/Speakers Logitech wired 5.1
    OS Win 10 Pro
    Network RouterROG Rapture GT-AX11000/AXE11000
    Accessory #1 VR Headset
    Accessory #2 Saitek X52

    Join Date
    Jan 2014
    Reputation
    18
    Posts
    408

    Quote Originally Posted by TechGuy42 View Post
    Yes

    Heres my attempt at a visual of how it should broadcast like this:

    However, it behaves like this:

    (AXE11000) Primary
    2.4 SSID- A password protected
    5 SSID- B password protected
    6 SSID- C password protected

    (RT-AC68U) Node
    2.4 SSID- A password protected
    5 SSID- C open network
    If the 68U had an open network then you could get on it without a password. Just like I can get on the 6 GHz network when it is set to open..

    Can you log on to any of your networks without a password? If you try, make sure and tell Windows to "Forget" all you networks so it won't automatically enter a password for you.

    Try unplugging the Ethernet Back Haul so all traffic has to go to the Router using Wireless. Try turning off Wireless on the AXE11000 when you have the Ethernet Back Haul connected and see if you can still connect to the Internet..

    Are you showing any unsecured networks in your area? I am fairly sure you are not at risk because of an open network.

  9. #9
    New ROGer Array TechGuy42 PC Specs
    TechGuy42 PC Specs
    Laptop (Model)HP ENVY 17m-ae011dx
    Motherboard834D
    Processori7-7500U @ 2.70GHz
    Memory (part number)16GB
    Graphics Card #1Intel Onboard HD Graphics 620
    Graphics Card #2NVIDIA GeForce 940MX
    Headset Arctis 9x
    OS Windows 10 Home
    Network RouterAXE11000

    Join Date
    Jun 2021
    Reputation
    8
    Posts
    26

    Quote Originally Posted by Saltgrass View Post
    If the 68U had an open network then you could get on it without a password
    Yes, exactly... But that is a big problem when that network is supposed to have a password. If I leave the 68U 5GHz radio on, it is always open network and I can connect... but it should have password so this is a problem


    Quote Originally Posted by Saltgrass View Post
    Try unplugging the Ethernet Back Haul so all traffic has to go to the Router using Wireless. Try turning off Wireless on the AXE11000 when you have the Ethernet Back Haul connected and see if you can still connect to the Internet..
    I have tried every variation of radios on/off and with/out ethernet backhaul, no matter how I configure... the 68U is always broadcasting 5GHz as open network when its suppose to have password


    Quote Originally Posted by Saltgrass View Post
    Are you showing any unsecured networks in your area? I am fairly sure you are not at risk because of an open network.
    There are no open networks near me, if I leave the 68U 5GHz radio on, anyone driving by or neighbors can connect so yes this is a major security risk

  10. #10
    ROG Guru: Orange Belt Array Saltgrass PC Specs
    Saltgrass PC Specs
    MotherboardMaximus XIII Hero
    Processori9 11900K
    Graphics Card #1EVGA RTX 3090 FTW
    Sound CardOn Board
    MonitorDell AW3420DW
    Storage #1Samsung 980 Pro 2 TB
    Storage #2Samsung 860 Pro 1 TB
    CPU CoolerCooler Master Hyper 212X
    CaseCooler Master
    Power SupplyAntec HCP Platinum 1000
    Keyboard ASUS Strix Flare
    Mouse ASUS Chakram
    Headset/Speakers Logitech wired 5.1
    OS Win 10 Pro
    Network RouterROG Rapture GT-AX11000/AXE11000
    Accessory #1 VR Headset
    Accessory #2 Saitek X52

    Join Date
    Jan 2014
    Reputation
    18
    Posts
    408

    Let's try one more thing. When you are connected to the "Open" network, if you look in settings, Wi-Fi-, it shows the network profile type. Look down below the SSID section and see what the Security type: is.

    In Win 11, you can just select the info symbol on your connected network to go to the same place..

    I suppose I need to set my AX92U up again as a Mesh Node to test..

    Click image for larger version. 

Name:	Local Networks.JPG 
Views:	0 
Size:	28.2 KB 
ID:	89259
    Last edited by Saltgrass; 07-05-2021 at 06:57 PM.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •