Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Major Security Flaw in AI-Mesh using AXE11000 as primary with non 6GHz nodes

TechGuy42
Level 9

‎06-29-2021 08:58 AM

After further troubleshooting this issue, I changed the WiFi 6 SSID so all 3 radios should broadcast separate SSIDs... after resetting and re-configuring the node, it started broadcasting the AXE11000's 6 GHz WiFi SSID as the node's 5GHz SSID but as an open network. Now that this open network has a unique SSID, I was able to connect to it and it gave me an internet connection.

I feel this is a major security risk to anyone using a non WiFi 6 node with the AXE11000 as the primary, its quite easy for this to go unnoticed especially if someone uses the same SSID for all three radios. Customer service could care less... someone will contact me "within 48 hours" and I've heard that on 4 separate calls this past week but their last email was 2 weeks ago

Nearly $600 for this router and you'd think their support would put more urgency to squashing security related bugs

For reference, here is the thread detailing how I discovered this and what the expected behavior should be
0 Kudos
817 Views
34 REPLIES 34

anotherMatt
Level 8
In response to jzchen

‎01-02-2024 05:26 PM

Okay, I was hyperfocused on the AXE11000, I was not planning on making any changes to the nodes if I didn't have to, since this seems to be stemming from the AXE11000.

0 Kudos

jzchen
Level 17
In response to anotherMatt

‎01-02-2024 05:43 PM - edited ‎01-02-2024 06:55 PM

I had an unsecured SSID from an RT-AC68U once.  There was an update to the RT-AC68U and the unsecured SSID disappeared.  (I honestly suspect a node issue).  It appears I may have misunderstood your post again!  (Again my apologies).

So your AXE11000 is now broadcasting a 6 GHz dedicated backhaul channel SSID_dwb?

But I was originally correct your nodes are AX (XT8)?  I would focus on manually flashing those based on hardware version, as very unusually they are different based on HW Ver 1 or HW Ver 2.  (06/13/2023 7:15 am post on this thread unsecured SSID gone on RT-AC68U after flashing an update for it)…

0 Kudos

anotherMatt
Level 8

‎01-02-2024 05:13 PM

I have found a temporary solution...

Downgraded the gt-axe11000 to Version 3.0.0.4.388.22525.

in the web portal, under aimesh -> system settings tab, turn off ethernet backhaul mode.

no longer broadcasting ssid unsecured.  Instead it is now broadcasting a secured network with the ssid "Hidden Network".

 I am still using ethernet back haul.  And all seems secure and stable.  However the 6Ghz is now being used as a dedicated backhaul. 

I can live with this. for now.  I will hold my breath for a new firmware update and try more things when that happens.

TonyDTiger
Level 9
In response to anotherMatt

‎01-04-2024 06:57 PM

This is probably the worse tip because I’m just speaking from memory but before i updated my routers firmware there was a time period where the 5Ghz-2 band was broadcasting as the same SSID as the 6Ghz band.  That was mad decent over an unsecured network but oh well this whole process has been a headache so I haven’t bothered to tinker with it after disabling the secondary band lol

0 Kudos

Saltgrass
Level 15
In response to anotherMatt

‎01-08-2024 04:10 PM - edited ‎01-08-2024 04:13 PM

Hey anotherMatt, this is a situation where I believe what you see is not what you get.   A great deal of confusion can result as trying to understand how some of this works.  So maybe, if I bring up some things, we can discuss it further.

When you use the AXE11000 to set up a Mesh Node, it does all the configuration.   So, all the security info you gave the AXE11000 is included in that setup.

Once the Nodes are set up, they offer networks, from the primary router whereby you can connect through the Backhaul.

The XT8s have 3 radios, one 2.4GHz, and two 5.0.  Two of those radios will align with the AXE11000 since it has one 2.4, one 5.0, and 1 6GHz.  When you log into the system and it goes to the Mesh Node, it gives you networks on the primary router you can use.  You only see the 6GHz because the Backhaul allows.   So, when you use that network, you are not using a 6GHz radio because the XT8 does not have one.  You are just using the network on the primary router.

Something you might try, is to join the 6GHz network and verify you are a client of the Mesh Node.  Then, turn off the 6GHz radio on the primary router.   Or, turn off the radio first and see if it is still offered through the Mesh Node.

Since you are a client of the Mesh Node, you should still be able to use the 6GHz network.

I have to believe; ASUS would not be allowing all of its users to work with no security on a wireless network.   

 

Maximus Z890 Hero,
Intel Core Ultra 9 285K
0 Kudos