
Major Security Flaw in AI-Mesh using AXE11000 as primary with non 6GHz nodes

TechGuy42
Level 9
After further troubleshooting this issue, I changed the WiFi 6 SSID so all 3 radios should broadcast separate SSIDs... after resetting and re-configuring the node, it started broadcasting the AXE11000's 6 GHz WiFi SSID as the node's 5GHz SSID but as an open network. Now that this open network has a unique SSID, I was able to connect to it and it gave me an internet connection.

I feel this is a major security risk to anyone using a non WiFi 6 node with the AXE11000 as the primary, it's quite easy for this to go unnoticed especially if someone uses the same SSID for all three radios. Customer service could care less... someone will contact me "within 48 hours" and I've heard that on 4 separate calls this past week but their last email was 2 weeks ago

Nearly $600 for this router and you'd think their support would put more urgency to squashing security related bugs

For reference, here is the thread detailing how I discovered this and what the expected behavior should be

Saltgrass
Level 13
What you are pointing out has been known for a while. But since your mesh nodes cannot see the 6 GHz radio, it is doing something else, possibly related to the Back Channel. If you figure it out for sure, let us know.

Having an unsecured 6 GHz radio might cause you problems if someone has a phone with that capability. I keep mine set to WPA3 so a user has to have a password to get on that network.

As an update to everyone, I am now on Windows 11 (21H2) and even though the announcement about Win 11 states 6 GHz capability has been included, I still cannot get my computer to set up the radio without the registry mod. or sign in using the password option..
Maximus Z790 Hero,
Intel i9-13900k
Intel BE200

Saltgrass wrote:
Having an unsecured 6 GHz radio might cause you problems if someone has a phone with that capability. I keep mine set to WPA3 so a user has to have a password to get on that network.


I think I'm not explaining myself well, there is no issue with the AXE11000 6GHz... it puts a password if I set it to wpa3 and type one in, I just don't have any devices to connect to 6GHz yet so I've turned off the 6GHz radio on the AXE11000.

The issue is that the mesh node (AC68U) is broadcasting an open 5GHz network when it's set to be wpa2... and this network SSID matches what's typed in on the AXE11000 6GHz radio, so the node (AC86U) is also broadcasting the incorrect SSID with no way to change either setting. I can only turn off WiFi 5 on the node (AC68U) so that nobody can connect to the open network

TechGuy42 wrote:
I think I'm not explaining myself well, there is no issue with the AXE11000 6GHz... it puts a password if I set it to wpa3 and type one in, I just don't have any devices to connect to 6GHz yet so I've turned off the 6GHz radio on the AXE11000.

The issue is that the mesh node (AC68U) is broadcasting an open 5GHz network when it's set to be wpa2... and this network SSID matches what's typed in on the AXE11000 6GHz radio, so the node (AC86U) is also broadcasting the incorrect SSID with no way to change either setting. I can only turn off WiFi 5 on the node (AC68U) so that nobody can connect to the open network


Sometimes it is hard to understand certain aspects of the settings. But I can put a password in the 6 GHz radio, I just can't sign in to that from my computer. It says the radio is using an out of date security and just won't connect. I can use the 6 GHz Radio if I leave it open with the Enhanced Open option..

Are you using Ethernet Back Haul? If you aren't then the 86U has to connect to the AXE11000 with one of its two radios, and you can check how good that connection is. I start getting confused about this time because I am not that familiar with how the Mesh works. But I do know Ethernet does show a network SSID when connected from a computer.

When you get a new Wi-Fi card and Microsoft or Intel turn on the 6 GHz radio on our systems, maybe we will have a better idea of what is happening.
Maximus Z790 Hero,
Intel i9-13900k
Intel BE200

Saltgrass wrote:
Are you using Ethernet Back Haul?


Yes

Here's my attempt at a visual of how it should broadcast like this:
EXPECTED BEHAVIOR
(AXE11000) Primary
2.4 SSID- A password protected
5 SSID- B password protected
6 SSID- C password protected

(RT-AC68U) Node
2.4 SSID- A password protected
5 SSID- B password protected

However, it behaves like this:
UNEXPECTED BEHAVIOR
(AXE11000) Primary
2.4 SSID- A password protected
5 SSID- B password protected
6 SSID- C password protected

(RT-AC68U) Node
2.4 SSID- A password protected
5 SSID- C open network

As you can see, the AC68U is broadcasting SSID C when it should be broadcasting SSID B, because SSID C is configured for the 6GHz radio on the AXE11000
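A way to check for the mismatch laid out above from a Linux client, as an added example that is not part of any post in this thread: it parses a Wi-Fi scan and flags any BSSID that carries one of your SSIDs without security or on the wrong band. It assumes the scan comes from `nmcli -t -f SSID,BSSID,FREQ,SECURITY device wifi list`, that an open network shows an empty or `--` SECURITY field, and that the BSSIDs and the neighbour network in the sample are constructed.

```python
import re

# Intended layout from the post: band -> SSID, every SSID password protected.
EXPECTED = {"2.4": "A", "5": "B", "6": "C"}

def band_of(freq_mhz):
    """Map a channel centre frequency in MHz to a Wi-Fi band label."""
    if 2400 <= freq_mhz < 2500:
        return "2.4"
    if 5150 <= freq_mhz < 5925:
        return "5"
    if 5925 <= freq_mhz <= 7125:
        return "6"
    return None

def parse_scan(text):
    """Parse terse nmcli output into (ssid, bssid, band, security) rows."""
    rows = []
    for line in text.strip().splitlines():
        # Terse mode separates fields with ':' and writes a literal ':' as '\:'.
        # SSIDs that themselves contain a backslash are not handled here.
        fields = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        m = re.match(r"\d+", fields[2]) if len(fields) == 4 else None
        if m:
            ssid, bssid, _, sec = fields
            rows.append((ssid, bssid, band_of(int(m.group())), sec.strip()))
    return rows

def audit(rows, expected=EXPECTED):
    """Return findings for our SSIDs seen open or on a band they do not belong to."""
    home = {ssid: band for band, ssid in expected.items()}
    findings = []
    for ssid, bssid, band, sec in rows:
        if ssid not in home:
            continue  # not one of our networks
        if sec in ("", "--"):
            findings.append((bssid, ssid, band, "open network, password expected"))
        if home[ssid] != band:
            findings.append((bssid, ssid, band, f"SSID belongs on {home[ssid]} GHz"))
    return findings

# Constructed sample scan: AA:... is the primary, BB:... is the node.
SAMPLE = r"""
A:AA\:00\:00\:00\:00\:01:2437 MHz:WPA2
B:AA\:00\:00\:00\:00\:02:5180 MHz:WPA2
A:BB\:00\:00\:00\:00\:01:2462 MHz:WPA2
C:BB\:00\:00\:00\:00\:02:5745 MHz:
Neighbor:CC\:00\:00\:00\:00\:09:5200 MHz:WPA2
"""

if __name__ == "__main__":
    for finding in audit(parse_scan(SAMPLE)):
        print(finding)
```

Using the same SSID on all three radios hides the wrong-band finding, so the open-network finding is the one to rely on in that setup.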

TechGuy42 wrote:
Yes

Here's my attempt at a visual of how it should broadcast like this:

However, it behaves like this:

(AXE11000) Primary
2.4 SSID- A password protected
5 SSID- B password protected
6 SSID- C password protected

(RT-AC68U) Node
2.4 SSID- A password protected
5 SSID- C open network


If the 68U had an open network then you could get on it without a password. Just like I can get on the 6 GHz network when it is set to open..

Can you log on to any of your networks without a password? If you try, make sure and tell Windows to "Forget" all your networks so it won't automatically enter a password for you.

Try unplugging the Ethernet Back Haul so all traffic has to go to the Router using Wireless. Try turning off Wireless on the AXE11000 when you have the Ethernet Back Haul connected and see if you can still connect to the Internet..

Are you showing any unsecured networks in your area? I am fairly sure you are not at risk because of an open network.
Maximus Z790 Hero,
Intel i9-13900k
Intel BE200

Saltgrass wrote:
If the 68U had an open network then you could get on it without a password

Yes, exactly... But that is a big problem when that network is supposed to have a password. If I leave the 68U 5GHz radio on, it is always open network and I can connect... but it should have password so this is a problem


Saltgrass wrote:
Try unplugging the Ethernet Back Haul so all traffic has to go to the Router using Wireless. Try turning off Wireless on the AXE11000 when you have the Ethernet Back Haul connected and see if you can still connect to the Internet..

I have tried every variation of radios on/off and with/out ethernet backhaul, no matter how I configure... the 68U is always broadcasting 5GHz as open network when it's supposed to have password


Saltgrass wrote:
Are you showing any unsecured networks in your area? I am fairly sure you are not at risk because of an open network.

There are no open networks near me, if I leave the 68U 5GHz radio on, anyone driving by or neighbors can connect so yes this is a major security risk

TechGuy42 wrote:
Yes, exactly... But that is a big problem when that network is supposed to have a password. If I leave the 68U 5GHz radio on, it is always open network and I can connect... but it should have password so this is a problem


I asked you this question and you sort of skipped over the answer without actually giving one. This is what I found to be the answer to that question.

If you have had Win 10 forget all your known Wi-Fi networks, then that computer will not be able to wirelessly join your network without a password. And if you have the 6 GHz radio set with WPA-3 security, the network is password protected and secure .. and I know that for sure since I just reconfigured my entire network to test..

My system is set to use Ethernet Back Haul only and I see no mention of the 6 GHz SSID, except in the section shown below. The info shown is confusing but the actual radio for that SSID is not available to my AX92U or 68U..

Maximus Z790 Hero,
Intel i9-13900k
Intel BE200

TechGuy42 wrote:
Yes

Here's my attempt at a visual of how it should broadcast like this:
EXPECTED BEHAVIOR
(AXE11000) Primary
2.4 SSID- A password protected
5 SSID- B password protected
6 SSID- C password protected

(RT-AC68U) Node
2.4 SSID- A password protected
5 SSID- B password protected

However, it behaves like this:
UNEXPECTED BEHAVIOR
(AXE11000) Primary
2.4 SSID- A password protected
5 SSID- B password protected
6 SSID- C password protected

(RT-AC68U) Node
2.4 SSID- A password protected
5 SSID- C open network

As you can see, the AC68U is broadcasting SSID C when it should be broadcasting SSID B, because SSID C is configured for the 6GHz radio on the AXE11000


What is the firmware ver. on RT-AC68U?

wilsondenq wrote:
What is the firmware ver. on RT-AC68U?


Current Version : 3.0.0.4.386_43129-g60defb2