Hi,
I have a Nighthawk 7000V2 (fully patched to firmware V1.0.0.53_1.0.2) and I appear to have run into a security bug, with regards to network isolation of devices on the guest network, which should be relatively easy to replicate on other Nighthawk 7000V2 routers.
After hearing about the fact that some "internet of things" devices, Smart TVs and the like can have weak security, and can often have exploits that can be hacked, and also even sneakily gather information about your network to use for whatever purposes, as part of their terms and conditions, I decided to try and isolate these sort of devices. As as far as I'm concerned, all they really need is internet access, and that's all they should have. On my old router I could set a network isolation setting to isolate all wireless devices, with no requirement to talk to or even know about other devices on my network, and that's what I wanted to do with the Nighthawk 7000V2.
But I came a little unstuck with the Nighthawk, as there didn't seem to be an isolation option in the wifi settings. But, after a bit of googling, I discovered that if I set up a wifi guest network, I could isolate devices on this instead. And this seems a more elegant solution than just restricting all wifi devices (although a blanket isolation option would also be nice!). Great! Problem solved...or so I thought.
So I set up the guest network, and set up different SSIDs (I decided to set up both 2.4Ghz and 5Ghz) and set different passwords for it. As of course the main purpose of this guest network was to network isolate anything I connected to it, and only allow it internet access, I left both check boxes on both the 2.4Ghz and 5Ghz for "Allow guests to see each other and access my local network" as the default, unchecked.
I then decided to test out the guest network by connecting up one PC to the regular wifi and SSID, and connect up a PC running Linux to the guest network and run nmap on this linux PC connected to the guest network...
Bad news. Things didn't seem as they should be, as I could see the other PC and the MAC address of it's wifi. The isolation is not working, plain and simple. In fact if I connect anything else to the network, I can see them and their MAC addresses, too.
Also if I connect both PCs to the guest network, the other PC's still just as visible.
One oddity I did note, though, is the over-sharing bug only occurs when I run as superuser, using sudo. I'm not sure what's making this difference, but I suspect that this security feature is coming from my PC's linux install, and I don't really feel this should make any difference as to whether the Nighthawk reveals it's network, as any compromised device on the network could choose to present itself as under the eqivalent of superuser control, surely? Like I say, though, I think it's probably my linux install that's doing the descriminating.
So this is what I'm running at the linux command line if anyone has a linux setup and wants to replicate what I'm seeing. You might have to use apt-get or the like to install nmap, of course:
sudo nmap -sP 192.168.0.0/24
To me this looks like a clear bug to me and security hole in the firmware, right? I can't really see what else can explain it.
Other points I should make:
When I discovered the problem, I decided to patch the Nighthawk with the latest firmware to see if that would fix the problem. Nope, still there. So as stated, the Nighthawk is patched to the latest firmware edition, version V1.0.0.53_1.0.2. It hasn't fixed the issue.
I've also checked back with my old router for a comparison, using the same PCs, and the visibility of my other PC appears and disappears when I turn the wifi network isolation on and off. So, it really doesn't look like I'm doing anything wrong.
Like I say, it should be easily replicatable.
So, any chance of a firmware patch, if other people can replicate what I'm seeing and confirm the bug?
