
Re: Security problem with wireless 2 profile on Orbi Pro firmware

ThaMichie
Tutor

Re: Firmware 2.3.1.100

Hi,

 

It's displaying duplicates and they do not disappear. It only affects Wifi 2 on firmware 2.3.1.100.

Downgrading to the previous firmware fixes this issue.

 

Message 26 of 46
schumaku
Guru

Re: Firmware 2.3.1.100


@ThaMichie wrote:

Since I upgraded to 2.3.1.100 Orbi sends out 2x the same SSID of network 2.

....

It's displaying duplicates and they do not disappear.


Completely unclear - where and how do you see the same SSID multiple times and/or where do you see duplicates?

Message 27 of 46
ThaMichie
Tutor

Re: Firmware 2.3.1.100

I don't understand how difficult this can be...

Like I already said 2 times but will list the same info 1 more time:

 

1. All wifi devices show the SSID of wifi 2 (Employee network) duplicate and keep switching between both. (It's sending out the same SSID 2 times).

2. 2.4 GHz and 5 GHz separation is DISABLED.

3. I'm on firmware 2.3.1.100 where this bug happens, when I downgrade my wifi devices just show 1x the SSID of wifi 2 and stay on it.

4. Resetting the devices or upgrading after the downgrade just presents the same bug.

 

It's completely clear for me that this has something to do with the introduction of the 2.4 GHz / 5 GHz separation feature as the previous firmware does not have the same behaviour.

 

Screenshot of my phone attached.

Message 28 of 46
schumaku
Guru

Re: Firmware 2.3.1.100


@ThaMichie wrote:

I don't understand how difficult this can be...

Like I already said 2 times but will list the same info 1 more time:

 

1. All wifi devices show the SSID of wifi 2 (Employee network) duplicate and keep switching between both. (It's sending out the same SSID 2 times).


It was difficult to understand because all radios on the Orbi are configured to the same SSID, so announcing the same name.... similar on a large scale WiFi deployment, there are many radios all using the same name, same SSID, but different BSSID (radio MAC). And normal wireless clients will show just the one SSID. The very same SSID does show up only once on the usual wireless clients - regardless if there are one, two, or ten AP radios in reach.

 

No idea what makes the wireless client list the apparently same SSIDs multiple times. Would require some further investigation. Does the "keep switching" (how do you know which is which?) happen between the 2.4 and 5 GHz or between different Orbi units? Unfortunately, the "connected devices" lists might not be updated in a very dynamic way - but here you might find some indications.

Message 29 of 46
ThaMichie
Tutor

Re: Firmware 2.3.1.100

I was investigating this and could see them jumping at one point on my laptop and phone. Thinking of it, it could also have been switching to a stronger signal of a nearby Orbi unit. Regardless of this, after a couple days of testing, the connection and speed seem to be stable.

 

The router and both satellites we have all send out the double SSID.

 

 

 

Message 30 of 46
schumaku
Guru

Re: Firmware 2.3.1.100


@ThaMichie wrote:

The router and both satellites we have all send out the double SSID.


The only point I can think about is that the clients recognize two different, only apparently under the same name, networks could be a very inconsistent configuration of the radios. Some insight from a WiFi Analyzer App would be interesting, e.g. if some of the capability "labels" added differ between the two, e.g. RSN-PSK-CCMP, ESS, WPS, ... or if there is kind of an "invisible" character part of the suspect duplicate SSID. Because if things would be the same, the clients will show the same SSID only once.

 

For the record, this is what an Android device (Google Pixel 2) does show in the WiFi Picker (Developer Options - Enable Wi-Fi Verbose Logging enabled) - all these radios are using the same name, same SSID of course, but come under different BSSID (MAC) obviously:

 

Screenshot_20190620-123948.png


Here the Wi-Fi Analyzer view of the similar environment - here you see that all have the same network name (SSID) ... however normally things are only listed once:


Screenshot_20190620-124903.png

Message 31 of 46
MrJoshW
NETGEAR Expert

Re: Firmware 2.3.1.100

Hello, 

 

Spoke to engineering regarding the duplicate SSIDs being displayed in Orbi Pro. This has been looked into by engineering and will be addressed in the upcoming July firmware release for this product. 

Message 32 of 46
ThaMichie
Tutor

Re: Firmware 2.3.1.100

Ok, thank you!

 

Message 33 of 46
Retired_Member
Not applicable

Security problem with wireless 2 profile on Orbi Pro firmware

Orbi Pro firmware 2.3.1.100 and 2.3.5.106 wireless 2 security problem

I have an Orbi Pro with single satellite connected using ethernet backhaul. I noted while running firmware 2.3.1.100 that my normally secure via WPA2 second wireless network was presenting two versions of my named second wireless network with one being properly secured with WPA2 and the other being open. This alarmed me because I don't want to provide an open network via the second channel but rather expect it to be secured via the settings I made for that second wireless SSID. I figured there must be a newer firmware to fix this problem so I checked and indeed found 2.3.5.106. Once installed, I was horrified to see once again that the second named wireless network was appearing once as a secure and a second identically named as an open network. I spotted these from both an iPhone and a Windows PC. I tested to see if the network would really be accessible when open and indeed, I could join without password and access the internet from there.

How can this be? I now must turn off my second wireless network until Netgear fixes this. This is really startling to me and shakes my confidence in Netgear to secure our data. Even more alarming is that I chose to allow wireless 2 users to interact with my main network wireless 1 because it is one common working effort once people are credentialed in either wireless SSID. I did not ever intend for people on a surprise open wireless 2 network to be able to get into the full backend through a wide open security hole like this.

I reset the device to factory reset and was once again startled to see that as soon as I activate the second wireless network, place a WPA2 passphrase on it, and then look at the wireless broadcast that I once again see the secure version and an unintended open version. Beware, you may be sharing more data with the public than you expect with this flaw. Maybe it is because I am using ethernet backhaul? My hypothesis is that with wired backhaul Netgear has finally allowed us to use all 3 radio bands for client communication instead of reserving the upper 5GHz band for nothing since backhaul is wired in my case. I am happy with that improvement but perhaps they have forgotten to secure the upper band wi-fi when wired backhaul is freeing up the 3rd band on wireless profile 2?

A corollary to this was also discovered in further trials using firmware 2.3.5.106 this weekend. I shut down the wireless 2 profile until the security fix is made but I then enabled the true guest portal. I secure it with a password and provide that to those I wish to allow on my network. Problem is, I did not expect that those using the guest portal would be able to access resources on my main network profile yet that seemed to happen when one user was able to send video from his Windows computer to a smart TV connected via ethernet. I expect that guest users will be fully segregated from the ethernet and wireless 1 profile.

This all makes me very nervous trusting Netgear to properly secure the network here. These are critical issues that others should watch carefully until the next updates.

Message 34 of 46
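Added example (not part of any post in this thread, and not NETGEAR code): a small audit of Wi-Fi scan results that performs the comparison suggested earlier in the thread (capability labels and invisible characters per SSID) and flags the condition reported in the post above, one network name offered both secured and open. The scan records, BSSIDs and capability strings are constructed sample data, and the function names are hypothetical.

```python
import unicodedata
from collections import defaultdict

# Constructed sample scan results (SSID, BSSID, capability labels); not from the thread.
SCAN = [
    ("Employee", "02:00:00:00:00:01", "[RSN-PSK-CCMP][ESS]"),
    ("Employee", "02:00:00:00:00:02", "[RSN-PSK-CCMP][ESS]"),
    ("Employee", "02:00:00:00:00:03", "[ESS]"),  # same name, no security label
    ("Office", "02:00:00:00:00:11", "[RSN-PSK-CCMP][ESS][WPS]"),
    ("Office\u200b", "02:00:00:00:00:12", "[RSN-PSK-CCMP][ESS]"),  # zero-width space
]

SECURED_MARKERS = ("WPA", "RSN", "WEP", "SAE", "OWE")

def security_of(caps):
    """Return 'open' when no security label is present, else the security labels."""
    labels = [c for c in caps.strip("[]").split("][") if c]
    sec = sorted(l for l in labels if any(m in l for m in SECURED_MARKERS))
    return "+".join(sec) if sec else "open"

def visible_name(ssid):
    """Drop control/format characters (e.g. zero-width space) and outer whitespace."""
    kept = "".join(ch for ch in ssid if unicodedata.category(ch) not in ("Cf", "Cc"))
    return kept.strip()

def audit(scan):
    """Group radios by the name a user sees and report inconsistent groups."""
    groups = defaultdict(list)
    for ssid, bssid, caps in scan:
        groups[visible_name(ssid)].append((ssid, bssid, security_of(caps)))
    findings = {}
    for name, radios in groups.items():
        issues = []
        modes = {sec for _, _, sec in radios}
        if "open" in modes and len(modes) > 1:
            issues.append("mixed-security")  # same name offered secured and open
        if len({raw for raw, _, _ in radios}) > 1:
            issues.append("lookalike-name")  # names differ only by hidden characters
        if issues:
            open_bssids = [b for _, b, sec in radios if sec == "open"]
            findings[name] = {"issues": issues, "open_bssids": open_bssids}
    return findings

if __name__ == "__main__":
    for name, info in audit(SCAN).items():
        print(name, info)
```

The BSSIDs listed under `open_bssids` identify which radio is announcing the unsecured copy of the name.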
MrJoshW
NETGEAR Expert

Re: Security problem with wireless 2 profile on Orbi Pro firmware

Hello,

 

Thanks for the update. Verifying with engineering if this fix was included in the recent firmware update or is part of a bigger firmware release.

Message 35 of 46
ShawnC
Apprentice

Re: Security problem with wireless 2 profile on Orbi Pro firmware

Just want to put this thread back on track...

 

We were discussing features that we feel should be included in the ORBI Pro product. This includes features that were initially stated in the documentation but later pulled out of "revised" documentation and never implemented.

 

Has anyone received an official reply from far up the Netgear executive chain? I'm going to have to switch products soon, and not just my network but some of my customers as well.

 

Throwing out this idea one more time as well... the Orbi is using DD WRT underneath. Many packages can be applied to the Orbi after you SSH/Telnet in. The problem is that you cannot write to the boot partition so all changes are lost with reboots or powering off. Why not just offer a patch that allows us to "write" properly so we can fix most of these issues (quickly and pretty easily) ourselves? We could probably clone what's in the Orbi now to our own storage and make this happen, but we shouldn't have to do this.

 

-ShawnC

Message 36 of 46
Flash008
Luminary

Re: Security problem with wireless 2 profile on Orbi Pro firmware

Ironic it may seem. I just received communication from Nadar. Nader just returned from vacation and is "catching up" on things. Nadar assures me this is not a dead topic.

 

It is my opinion that "time is better" for this situation. Unlike others who will give you a fast, but meaningless, response. I believe Netgear is taking this very seriously and working on their response and solution to this. Of course, this means "TIME".

 

So, let us wait for Netgear's response which should be "soon".

 

I hope everyone had a great weekend and a Happy 4th....I spent the last 5 days on the beaches of Santa Monica, CA, trying very hard to not care about a damn thing.....LOL......And I did a great job doing it.

Message 37 of 46
MrJoshW
NETGEAR Expert

Re: Security problem with wireless 2 profile on Orbi Pro firmware

Hello Everyone,

 

Just got an update on engineering regarding the issue folks are seeing regarding the duplicate SSID's being broadcasted. The current release does not have the fixes included and are included in the upcoming 2.4 Orbi Pro release scheduled in the middle of August. Current release was to resolve throughput issues that were reported.

Message 38 of 46
ibmman69
Star

Re: Security problem with wireless 2 profile on Orbi Pro firmware

When I originally bought my Orbi the updates made via telnet would stick. A subsequent update took this feature away.

Message 39 of 46
schumaku
Guru

Re: Security problem with wireless 2 profile on Orbi Pro firmware


@ibmman69 wrote:

When I originally bought my Orbi the updates made via telnet would stick. A subsequent update took this feature away.


That's the risk of using non-supported "features" - these can come and go, work or fail.

Message 40 of 46
schumaku
Guru

Re: Security problem with wireless 2 profile on Orbi Pro firmware


@MrJoshW wrote:

The current release does not have the fixes included and are included in the upcoming 2.4 Orbi Pro release scheduled in the middle of August. Current release was to resolve throughput issues that were reported.


Seriously?!?

 

This is supposed to be a security issue - major in my opinion - requiring a fix within a few days. This is not consumer Orbi or Nightmare junk (where Netgear does not bring any feet to the ground hunting bugs anyway) is it?

Message 41 of 46
ThaMichie
Tutor

Re: Security problem with wireless 2 profile on Orbi Pro firmware

I agree, how can we leave our company network exposed like this for a month?

We need a quick fix addressing this issue!

Message 42 of 46
MrJoshW
NETGEAR Expert

Re: Security problem with wireless 2 profile on Orbi Pro firmware

The issue with the duplicate SSID is due to selecting the option to split both wireless bands to their own separate SSID in the wireless 2 profile. Even if you choose not to broadcast the 5 GHz band the SSID will still be displayed. The workaround currently for this is to either not use the split wireless bands option or to use a password on both 2.5 and 5 GHz SSID. Engineering has acknowledged this issue and is planning to address this in the upcoming Orbi Pro 2.4 release.

Message 43 of 46
Retired_Member
Not applicable

Re: Security problem with wireless 2 profile on Orbi Pro firmware

Actually, I never set my Orbi Pro to separate bands. In my case the wired backhaul seems to have been the trigger for the new band posting a duplicate wi-fi profile 2 network without any security. Thus, this was a startling and egregious security problem that leaves me thinking Netgear needs help testing solutions before they go live. I enjoy the equipment enhancements (especially being able to use all wi-fi bands for clients) but knowing my private network was open was unacceptable and I am glad I found it after a week or so and that it seems to have caused no intrusion for me before I did find it. Others may not be so lucky.

Message 44 of 46
Retired_Member
Not applicable

Re: Security problem with wireless 2 profile on Orbi Pro firmware

One more thing, I see that version 2.3.5.108 is now out. I updated but in reading the update notes I see no mention to this major security problem as a known issue. This is again making me lose trust in Netgear. Why don't they admit that people are vulnerable to an open network on profile 2 if they are using backhaul? This is clearly a known issue unless that was fixed in 108 which they are not saying it was. Boy, this upsets me something fierce as security is critical as this means some people's presumptively secure work networks will be left open for any wi-fi open network surfer to find. This is a major blow for confidence in Netgear.

Message 45 of 46
Flash008
Luminary

Re: Firmware 2.3.1.100

I am starting a new thread to get re-focused on our issues with Netgear Orbi Pro.

 

Please go to the new forum thread and let us share our comments about Orbi Pro issues and feature requests.

 

We still have the ear of high ranking Netgear staff. So let’s keep this discussion alive and FOCUSED.

 

https://community.netgear.com/t5/Orbi-Pro-WiFi-for-Small-Business/Making-Orbi-Pro-Better/m-p/1782289...

 

 

Message 46 of 46