Hello! Has anyone noticed that the Orbi creates an unencrypted WiFi network (as well as an encrypted one with the same name, and you only get to see the encrypted one on most phones)? My configuration: Latest firmware from the site today (and the previous firmwares do this)AP Mode or router modeWPA2 enabled (not 3) with password. Reboot - you get 2 networks on 5g, one encrypted and not encrypted on the satellites. Logged into the sattelite web interface to confirm it (and logging in passwordless on my devices as well. Shocking). This is absolutely not what I expected for the price. The worst thing is it doesn't even tell you it's doing it - I only caught this because it flashed up briefly after a rebbot on my phone before being de-duplicated with the encrypted one - at that time I checked, and was able to join unencrypted with another device. I can't believe nobody has noticed this!

Lets troubleshoot this first before claiming nobody saw this. Mines working and I haven't seen this. One user did report this earlier this year and we believe it was fixed with a reset and setup. Lets factory reset the RBR and RBS. Press the reset button on each for 15 secons then release. Complete the RBR setup wizard. I would not sync the RBS until after the setup wizard completes. Do this with a wired PC and web browser with the RBR. After you get the RBR setup, take 1 RBS, while in same room as the RBR, and sync the RBS to the RBR by pressing the sync button on the back of the RBS first, then RBR. Or use the RBRs Add Satellite web feature. Wait for the front to turn BLUE then give about 5 minutes. Check the RBS web page for WPA status. If you have a 2nd RBS, do same process to re-sync it. How was the RBR and RBS updated? Automatically or manually download FW files? What is the size of your home? Sq Ft?What is the distance between the router and 📡 satellite(s)? 30 feet or more is recommended in between RBR and RBS📡 to begin with depending upon building materials when wirelessly connected.

I'll correct that by first stating that it's likely 2 tech savvy people have noticed this issue (whereas scores of non-tech savvy people who may not know, have not). Also, depending on your country, this could make some people directly liable for (even unwittingly) running an open AP should it be abused.I have already reset the AP twice and gone through the setup process. However I will follow your instructions and do it 'your way'. Regardless of this however, this is a serious bug and it needs to be addressed with a firmware update. There will be many non-tech people who are unwittingly running an open, insecure network because of this.

I now have this working, the setup process is completley borked making assumptions about the network it is plugged into that it should not be. It is impossible to use the normal setup process, so I eventually worked around it.m Setup assumption that it can always have 192.168.1.1 (it cannot, another device has that on this network).Setup assumption that I want to use this as a router and not a simple AP. (I have a proper firewall for my gateway, orbi will never be more than an AP)Setup assumption that the wifi name I choose is not already active (as being retired, but not yet). This completley screws up the setup process. Additionally: Netgear-Guest appears randomly each time the orbi devices are rebooted. This should never happen, even for a second as it's not configured. If the setup fails to complete for whatever reason, an insecure AP will be created on 5G alongside an encrypted one. The app will not notify you have an insecure network, and will not sync the proper settings to the satellite routers to secure the network. Only a full reset cures this and working around issues with the setup. There is no notification to the user that the network is in this insecure state, so they don't know to fix it. This could be trivial to put into the app as you could be in deep water in some countries for running an open AP (GPDR, anti terrorism laws relating to WiFi(I kid not), etc).All of this stems from inadequate testing.To answer your previous questions regarding firmwares, I was able to reproduce this on the original factory firmware and the latest firmware (as in my screenshot). All orbis were in the same room. Firmware was updated manually. The app will also let you abort the setup process halfway through (and then let you in as if it was fully completed). I used the web interface in all instances to configure the router (after realising that the app was, basically, "not good at all")I'm wondering if this is worth a CVE as there will be people unawares that they are running an open access point.

Just to add to this, another bug: Setup the main and satellites in the same room (eventually) all working fine. Move the satellites to their respective locations - one of them has wired backhaul. Watch in amazement as that paticular satellite no longer appears on the 'attached devices' list, yet is somehow working, but can't be re-added to the list so I can't remotely see what it's status is anymore. Also, web firmware crashes in said sattelite when you do anything other than view the initial web page - clicking on a link borks it. Not impressed. Firmware. Seemingly written and tested by noddy.

What FW version are you actually using?

Insecure WiFi on RBR850 when WPA2 used

15 Replies

FURRYe38
Guru
Aug 04, 2021
Lets troubleshoot this first before claiming nobody saw this. Mines working and I haven't seen this. One user did report this earlier this year and we believe it was fixed with a reset and setup.

Lets factory reset the RBR and RBS. Press the reset button on each for 15 secons then release. Complete the RBR setup wizard. I would not sync the RBS until after the setup wizard completes. Do this with a wired PC and web browser with the RBR.

After you get the RBR setup, take 1 RBS, while in same room as the RBR, and sync the RBS to the RBR by pressing the sync button on the back of the RBS first, then RBR. Or use the RBRs Add Satellite web feature.

Wait for the front to turn BLUE then give about 5 minutes. Check the RBS web page for WPA status. If you have a 2nd RBS, do same process to re-sync it.

How was the RBR and RBS updated? Automatically or manually download FW files?

What is the size of your home? Sq Ft?
What is the distance between the router and 📡 satellite(s)? 30 feet or more is recommended in between RBR and RBS📡 to begin with depending upon building materials when wirelessly connected.
- piemmm
  Aspirant
  Aug 05, 2021
  I'll correct that by first stating that it's likely 2 tech savvy people have noticed this issue (whereas scores of non-tech savvy people who may not know, have not). Also, depending on your country, this could make some people directly liable for (even unwittingly) running an open AP should it be abused.
  
  I have already reset the AP twice and gone through the setup process. However I will follow your instructions and do it 'your way'. Regardless of this however, this is a serious bug and it needs to be addressed with a firmware update.
  
  There will be many non-tech people who are unwittingly running an open, insecure network because of this.
  - piemmm
    Aspirant
    Aug 05, 2021
    I now have this working, the setup process is completley borked making assumptions about the network it is plugged into that it should not be. It is impossible to use the normal setup process, so I eventually worked around it.m
    
    Setup assumption that it can always have 192.168.1.1 (it cannot, another device has that on this network).
    Setup assumption that I want to use this as a router and not a simple AP. (I have a proper firewall for my gateway, orbi will never be more than an AP)
    Setup assumption that the wifi name I choose is not already active (as being retired, but not yet). This completley screws up the setup process.
    
    Additionally:
    
    Netgear-Guest appears randomly each time the orbi devices are rebooted. This should never happen, even for a second as it's not configured.
    
    If the setup fails to complete for whatever reason, an insecure AP will be created on 5G alongside an encrypted one. The app will not notify you have an insecure network, and will not sync the proper settings to the satellite routers to secure the network. Only a full reset cures this and working around issues with the setup.
    
    There is no notification to the user that the network is in this insecure state, so they don't know to fix it. This could be trivial to put into the app as you could be in deep water in some countries for running an open AP (GPDR, anti terrorism laws relating to WiFi(I kid not), etc).
    
    All of this stems from inadequate testing.
    
    To answer your previous questions regarding firmwares, I was able to reproduce this on the original factory firmware and the latest firmware (as in my screenshot). All orbis were in the same room. Firmware was updated manually. The app will also let you abort the setup process halfway through (and then let you in as if it was fully completed). I used the web interface in all instances to configure the router (after realising that the app was, basically, "not good at all")
    
    I'm wondering if this is worth a CVE as there will be people unawares that they are running an open access point.

Forum Discussion

Insecure WiFi on RBR850 when WPA2 used