Has anyone noticed that the Orbi creates an unencrypted WiFi network (as well as an encrypted one with the same name, and you only get to see the encrypted one on most phones)?
My configuration:
Latest firmware from the site today (and the previous firmwares do this)
AP Mode or router mode
WPA2 enabled (not 3) with password.
Reboot - you get 2 networks on 5g, one encrypted and not encrypted on the satellites. Logged into the sattelite web interface to confirm it (and logging in passwordless on my devices as well. Shocking).
This is absolutely not what I expected for the price. The worst thing is it doesn't even tell you it's doing it - I only caught this because it flashed up briefly after a rebbot on my phone before being de-duplicated with the encrypted one - at that time I checked, and was able to join unencrypted with another device.
Lets troubleshoot this first before claiming nobody saw this. Mines working and I haven't seen this. One user did report this earlier this year and we believe it was fixed with a reset and setup.
Lets factory reset the RBR and RBS. Press the reset button on each for 15 secons then release. Complete the RBR setup wizard. I would not sync the RBS until after the setup wizard completes. Do this with a wired PC and web browser with the RBR.
After you get the RBR setup, take 1 RBS, while in same room as the RBR, and sync the RBS to the RBR by pressing the sync button on the back of the RBS first, then RBR. Or use the RBRs Add Satellite web feature.
Wait for the front to turn BLUE then give about 5 minutes. Check the RBS web page for WPA status. If you have a 2nd RBS, do same process to re-sync it.
How was the RBR and RBS updated? Automatically or manually download FW files?
What is the size of your home? Sq Ft? What is the distance between the router and 📡 satellite(s)? 30 feet or more is recommended in between RBR and RBS📡 to begin with depending upon building materials when wirelessly connected.
I'll correct that by first stating that it's likely 2 tech savvy people have noticed this issue (whereas scores of non-tech savvy people who may not know, have not). Also, depending on your country, this could make some people directly liable for (even unwittingly) running an open AP should it be abused.
I have already reset the AP twice and gone through the setup process. However I will follow your instructions and do it 'your way'. Regardless of this however, this is a serious bug and it needs to be addressed with a firmware update.
There will be many non-tech people who are unwittingly running an open, insecure network because of this.
I now have this working, the setup process is completley borked making assumptions about the network it is plugged into that it should not be. It is impossible to use the normal setup process, so I eventually worked around it.m
Setup assumption that it can always have 192.168.1.1 (it cannot, another device has that on this network).
Setup assumption that I want to use this as a router and not a simple AP. (I have a proper firewall for my gateway, orbi will never be more than an AP)
Setup assumption that the wifi name I choose is not already active (as being retired, but not yet). This completley screws up the setup process.
Additionally:
Netgear-Guest appears randomly each time the orbi devices are rebooted. This should never happen, even for a second as it's not configured.
If the setup fails to complete for whatever reason, an insecure AP will be created on 5G alongside an encrypted one. The app will not notify you have an insecure network, and will not sync the proper settings to the satellite routers to secure the network. Only a full reset cures this and working around issues with the setup.
There is no notification to the user that the network is in this insecure state, so they don't know to fix it. This could be trivial to put into the app as you could be in deep water in some countries for running an open AP (GPDR, anti terrorism laws relating to WiFi(I kid not), etc).
All of this stems from inadequate testing.
To answer your previous questions regarding firmwares, I was able to reproduce this on the original factory firmware and the latest firmware (as in my screenshot). All orbis were in the same room. Firmware was updated manually. The app will also let you abort the setup process halfway through (and then let you in as if it was fully completed). I used the web interface in all instances to configure the router (after realising that the app was, basically, "not good at all")
I'm wondering if this is worth a CVE as there will be people unawares that they are running an open access point.
Setup the main and satellites in the same room (eventually) all working fine.
Move the satellites to their respective locations - one of them has wired backhaul.
Watch in amazement as that paticular satellite no longer appears on the 'attached devices' list, yet is somehow working, but can't be re-added to the list so I can't remotely see what it's status is anymore.
Also, web firmware crashes in said sattelite when you do anything other than view the initial web page - clicking on a link borks it.
Not impressed. Firmware. Seemingly written and tested by noddy.
The one as in the screenshot 3.2.18.1. Which has the same behaviour as the previous 'factory installed' firmware 3.2.16.22
Well this was working, then I rebooted the main unit, and bang the satellites are back to unencrypted.
Edit: So far this looks like something is happening to cause the satellites to not pull their configuration correcly from the main device. I will narrow this down now that I know this can(very worryingly) be triggered at any time after configuration has finished.
Looks like this is a problem with using wired backhaul, and I *think* I have narrowed this down a fair bit:
If you use wired backhaul, and your WAN port for your main 'uplink' on your AP configured Orbi (*not* in router mode) is the main network link (it is the only connection) then the bug is triggered one way and you never see the wired backhaul appear in the 'connected satellites' list, but WPA is active on the wifi for the satellites.
but
If you instead use one of the normal non-wan (LAN) ports on the orbi, then the satellite appears in the wired backhaul list, and everything *appears* fine in the app, however you'll end up with an open, unprotected accesspoint on your satellite that anyone can connect to as well as an encrypted version - this will then persist in the AP until you throw it through a brick wall.
I have not tried this in Router mode as I already have Cisco kit for that. It'll only ever be used in AP mode.
Edit: I now have this working in a 'barely good enough' mode. There are big bugs in the firmware which need to be fixed to avoid a cve.
Everything is CAT.6e(yes, for a home network) and there are 2 switches between the main AP and satellite, however the switches are largely irrelevent as I've also reproduced in this room using just one switch and 2 short cables.
Yes, I got a brand new rbk852 from NG.They repeat this open 5g problem in their lab.For me, with the new rbk852 and new setup, while the unsecured 5g satellite wifi still exist sometimes.
Yes, I got a brand new rbk852 from NG.They repeat this open 5g problem in their lab.For me, with the new rbk852 and new setup, while the unsecured 5g satellite wifi still exist sometimes.
