Start a New Discussion

Start a New Discussion

Orbi WiFi 7 RBE973
Reply

R9000 WiFi On/Off button OPENS WiFi to the Public, HUGE Security Flaw!

Johnny54321
Aspirant
Aspirant
‎2018-02-10 02:53 AM
‎2018-02-10 02:53 AM

R9000 WiFi On/Off button OPENS WiFi to the Public, HUGE Security Flaw!

Nighthawk X10 R9000 Router Firmware Version V1.0.3.6

WiFi is configured to use WPA2 Security.

Pushing the WiFi On/Off button for 3 seconds turns of the Button LED, and the Antenna LED's, and Shows WiFi OFF in the RouterConfig

WiFi Button OFF Shows WiFi Turned OFFWiFi Button OFF Shows WiFi Turned OFF

!!!HOWEVER!!! The Router still broadcasts with WiFi turned off, it just broadcasts without the Security Key and is OPEN TO THE PUBLIC.

My network is exposed, and I would like to turn the router on only when it is needed to reduce WiFi radio exposure to myself sitting right next to the router, and to my kids who sleep directly above it.

The Moment I realized the WiFi Off Button just removes security and opens my home network to the Public!The Moment I realized the WiFi Off Button just removes security and opens my home network to the Public!

WiFi Button off, Devices connected and Bandwidth activity showingWiFi Button off, Devices connected and Bandwidth activity showing

WiFi Button off, Devices connected and Bandwidth activity showingWiFi Button off, Devices connected and Bandwidth activity showing

My Thoughts:

This seems like a firmware issue, unfortunately, my 3month support with NetGear has expired a few weeks ago, and I can't submit a ticket without paying $50 for their service.

I am still under warranty, and perhaps sending the router back, and going back to my old router will work, but then I'll just have to reconfigure my network to function without it, and then I wont need it.

Message 1 of 8
0 Kudos
Reply

Accepted Solutions
JamesGL
Master
Master
‎2018-02-27 03:37 PM
‎2018-02-27 03:37 PM

Re: R9000 WiFi On/Off button OPENS WiFi to the Public, HUGE Security Flaw!

Hi Johnny54321,

 

Can you check this firmware.

 

https://kb.netgear.com/000055126/R9000-Firmware-Version-1-0-3-10

 

I tried to reproduce the problem with my R9000 but it works fine.

View solution in original post

Message 5 of 8
Reply

All Replies
FURRYe38
Guru Guru
Guru
‎2018-02-19 04:46 PM
‎2018-02-19 04:46 PM

Re: R9000 WiFi On/Off button OPENS WiFi to the Public, HUGE Security Flaw!

Someting to get ahold of one of the Forum moderators about and ask them for help and info regarding this. 

 

I presume your FW is up to date? Make sure it is. 

 

You might try Voxels R9000 FW. It uses same UI, however back end stuff is better managed. 

https://www.voxel-firmware.com/Downloads/Voxel/html/r9000.html

 

Might give this a try, if same thing still happens then the core NG code would need to be looked at by NG. 

Message 2 of 8
Reply
JamesGL
Master
Master
‎2018-02-19 08:07 PM
‎2018-02-19 08:07 PM

Re: R9000 WiFi On/Off button OPENS WiFi to the Public, HUGE Security Flaw!

Hi Johnny54321,

 

Let me check on this and will get back to you.

Message 3 of 8
Reply
schumaku
Guru Guru
Guru
‎2018-02-20 01:49 AM
‎2018-02-20 01:49 AM

Re: R9000 WiFi On/Off button OPENS WiFi to the Public, HUGE Security Flaw!

@JamesGLwrote:

,Let me check on this and will get back to you.

James, there had ben a few similar reports on this issue before. On my R9000 running 1.0.3.10 (and intermediate builds after .6) I have not seen this (random) behaviour anymore.

 

However, there is a new issue: With WPS disabled (with the WPS button LED off) using the WiFi button to switch off all wireless networks - when switching the wireless networks on again, the WPS button is lit (with SmartConnect enabled). Reported to Tw before the new Chinese new year.

Message 4 of 8
0 Kudos
Reply
JamesGL
Master
Master
‎2018-02-27 03:37 PM
‎2018-02-27 03:37 PM

Re: R9000 WiFi On/Off button OPENS WiFi to the Public, HUGE Security Flaw!

Hi Johnny54321,

 

Can you check this firmware.

 

https://kb.netgear.com/000055126/R9000-Firmware-Version-1-0-3-10

 

I tried to reproduce the problem with my R9000 but it works fine.

Message 5 of 8
Reply
JamesGL
Master
Master
‎2018-02-27 03:43 PM
‎2018-02-27 03:43 PM

Re: R9000 WiFi On/Off button OPENS WiFi to the Public, HUGE Security Flaw!

Hi schumaku,

 

WPS cannot be disabled unless the security is set to WEP. WPS LED will lit off if wireless is disabled on the router and once you have enabled it WPS LED will lit up again.

Message 6 of 8
0 Kudos
Reply
Johnny54321
Aspirant
Aspirant
‎2018-02-27 06:56 PM
‎2018-02-27 06:56 PM

Re: R9000 WiFi On/Off button OPENS WiFi to the Public, HUGE Security Flaw!

That update solved it!

Now, it all works just fine.

 

To recap, I have WPA2 Security on my WiFi Broadcast, and now, when I push the WiFi button on the router, it turns the WiFi On/Off, where as with the previous update, pressing the button would turn On/Off the WPA2 Security and be wide open to the Public.

 

Thank You!

Model: R9000|Nighthawk X10 AD7200 Smart WiFi Router
Message 7 of 8
0 Kudos
Reply
JamesGL
Master
Master
‎2018-02-28 09:10 PM
‎2018-02-28 09:10 PM

Re: R9000 WiFi On/Off button OPENS WiFi to the Public, HUGE Security Flaw!

Hi Johnny54321,

 

I am glad to know it works. 🙂

Message 8 of 8
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 7 replies
  • ‎2018-02-10 02:53 AM
  • 3297 views
  • 3 kudos
  • 4 in conversation
Announcements

Orbi WiFi 7