NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
WAX210 Firmware 1.1.0.34 Bug – SSID Password Complexity Incorrectly Enforced
Hi everyone — I’m seeing what looks like a firmware regression on the WAX210 after updating to v1.1.0.34, and I want to report it in case others are affected. After updating, the AP now refuses to save any configuration changes (even unrelated ones like just renaming the Access Point). The UI throws this error: SSID1: SSID passphrase length must be between 8 and 63 characters, and contain at least one uppercase letter, one lowercase letter, one number, and one special symbol. This happens even when the SSID password is not edited at all. The AP loads the existing (valid) WPA2/WPA3 passphrase and flags it as invalid due to a complexity requirement that didn’t exist before. This appears to be the AP Login Password complexity policy being mistakenly applied to SSID passphrases, which contradicts the official manual. SSID passwords for WPA2/WPA3 should only require 8–63 characters. Reproduction Steps Update WAX210 to firmware 1.1.0.34 Log into the web interface Make any change (example: AP Name only) Click Apply The SSID password complexity error appears, even though SSID settings were untouched Impact. The AP cannot accept any configuration changes unless the SSID password is replaced with a much more complex passphrase. This forces a complete re-key of all connected devices. Expected Behavior Per the WAX210 User Manual, SSID passphrases should be valid with: 8 to 63 characters No requirements for uppercase/lowercase/digits/symbols Those rules worked correctly in previous firmware versions. Current Workaround Rolling back to firmware 1.1.0.25 or 1.1.0.20 fully resolves the issue. Request Can Netgear please confirm whether this is a regression in 1.1.0.34 and escalate to the firmware engineering team? This issue effectively prevents configuration of the device. I can provide: Screenshots of the error dialog A configuration backup A short video showing the issue Exact hardware revision and serial if needed Thanks in advance.Request: List of Products That Perform Cryptographic Key Provisioning
We are reviewing your networking products for internal compliance purposes. Could you please confirm which of your hardware-based products (e.g., switches, routers, relays, gateways) include any of the following cryptographic functions: Provisioning or distribution of encryption keys to other devices Acting as a MACsec Key Server (e.g., providing CAKs/SAKs to peers via MKA) Providing IPsec/IKEv2 key exchange for other systems Embedded EAP/PKI certificate provisioning or CA functions Managing network-wide encryption policies or certificate trust for other devices We are not asking about encryption used only for login/authentication (e.g., HTTPS, SNMPv3, 802.1X), or encryption used solely for the unit’s own interfaces. This request is limited to cases where the product provides or manages encryption on behalf of other devices. If possible, please provide a list or matrix identifying which models include any of the above features. Any documentation that describes these capabilities would also be appreciated. Thank you for your support.WAX620 V10.8.13.2 generating apparently bogus auth messages
I'm seeing messages for the MAC address of a Tuya Smart device authenticating and deauthenticating repeatedly to one of my SSIDs. There is no such device in my house. Is this a neighbor's device or a bug, or combination of the two? I tried creating a MAC ACL for it, which didn't completely stop the auth messages -- the WAX620 still reported periodic auths along with block messages. I've changed the SSID password (WPA3/2) and turned off the four devices using that SSID, but the messages continue. Below is a sample, the first form is seen every few seconds. No associated device ever makes a DHCPREQUEST. May 13 14:21:16 hostapd: wifi0vap0: STA a8:80:55:3c:be:c5 IEEE 802.11: authenticated May 13 03:45:52 hostapd: wifi0vap0: STA a8:80:55:3c:be:c5 IEEE 802.11: Station deauthenticated due to reason code 34 May 13 04:00:37 hostapd: wifi0vap2: STA a8:80:55:3c:be:c5 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)Share internet between two Vlans on a netgear GS724TV4
Hi So I been trying for altmost 2 days to set up my netgear GS724TV4, which is a managed layer3 switch, but does not have capability to create a DHCP server. I am running a webserver and email server, and would like to seperate this from my private network, in case of hacking. So I though I would make two Vlan, lets say vlan1 for private and vlan100 for the server. ISP fiber to my house -> deco X10 setup (internet Vlan id 101 - 802.1q tag) -> unmanaged layer3 switch that provides my netgear with 2 patch cabels in port12 and 13 I have attached a screenshot of my setup and here is some info: port 2 and 3 my private network. port 12 and 13 - Conntect to an unmanaged switch, where my internet patch-cable is connected. port 24 - my server Since I dont understand inter-routing my idea was to have 2 vlans, where vlan1 had port 1-12 untagged and vlan2 had 13-24 untagged, and both vlans would get internet via port 12 or 13. Could somebody tell me if and how to set this up? Help is greatly appriciatedGS724Tv6 How to disable UPnP?
Bought GS724Tv6 switches, which are now spamming my network with SSDP NOTIFY packets. From what I gathered this is due to some UPnP advertising. How can I stop these switches from doing that? In the manual (GS724Tv6_GS748Tv6_UM_EN.pdf) I read: "Manage UPnP switch discovery By default, Universal Plug and Play (UPnP) is enabled on the switch." and I could disable it under "Select System > Management > Switch Discovery. The Switch Discovery page displays." Sadly there is no such option, not does the Site Index list 'Switch Discovery' anywhere. => How can I disable UPnP?TLS 1.0 & 1.1 active in WAX625 https web interface
Having TLS 1.0 and TLS1.1 supported in https web interface makes Wifi WAX product line susceptible to TLS attacks : - BEAST Attack - CRIME Attack - RC4 Attack - Weak Cipher Suites Attack - Attacks renegotiation And the product is unfortunately shown to be non compliant with security scans, just for that unfortunate reason. The firmware is V10.8.11.4 and I cannot find a security option about TLS ? Are there hidden options somewhere ? Would it be possible to add an option to only support TLS 1.2 (and not 1.0 and 1.1) ? [ I means, as far as software is concerned, this is mostly a change of a numerical constant somewhere. ]Configure SSL/HTTPS for GS724TPV2 and GS752TPv3
Hi All, I am looking to enable HTTPS for all my Netgear Switches (GS724TPV2 and GS752TPV3). But I cannot import the self-signed certificate that I have already got available. I feel like I'm missing a vital step, and was wondering if someone is able to help me on this? Looking forward to hearing some advice. Cheers!