NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

GWild's avatar
GWild
Guide
Jan 28, 2021

WPS is ON all the time, and can't be disabled

Orbi RBS20/CBR40 System   WiFi Monitor is showing the network as WPS enabled: so it seems it is susceptible to the WPS hacks out there. There is also no visible way to disable WPS within the Orbi L...
GWild's avatar
GWild
Guide
Jan 28, 2021

By looking at all of the channels in use by the Orbi, there are several back channels without SSID open, I'm going to guess that the WPS is used to create and open those back channels.  The only option to create a new PIN is to use the Backhaul "Generate New Password" ... This new PIN is then stored for when the router/slave reboot or power cycle.

 

Bottom line, there is a PIN to hack, and it looks like it is an inherent system capability/vulnerability that can't be disabled.

 

Backhaul Password
Orbi can generate a new hidden password to improve security for its backhaul connection.
WARNING: Generating a new password might cause the Orbi satellite to lose connection from the Orbi router. To reconnect, use the SYNC button
FURRYe38's avatar
FURRYe38
Guru
Jan 28, 2021

Again, I might presume that NG may employ some form of there own WPS handling and syncing that is proprietary on Orbi or NGs MESH systems which only is behind the scenes and is apart of there core non GPL code.

 

If you feel that his is an issue. Please contact NG support and advise them of your concerns. There would not nothing we can do here in the forums to effect a change. 

 

 

  • GWild's avatar
    GWild
    Guide
    Jan 28, 2021

    Netgear won't discuss this with me because I am outside their 90 day customer service window. 

     

    But folks - customers - should understand that this vulnerability still exists in Orbi routers... and it isn't anything proprietary: because my tools report it as standard WPS (conforming to standards) ... lol. 

      • CrimpOn's avatar
        CrimpOn
        Guru
        Jan 29, 2021

        I installed the ""reaver" WPS hack tool for Linux.  After several attempts, all it manages to say is, "detected AP rate limiting. Waiting 60 seconds before re-checking."  One attempt said, that it was trying PIN 12345670, but nothing after that.  Not encouraging that the tool designed to discover WPS PIN in a minimum of 11,000 attempts has failed miserably.

         

        Of course, I will keep plugging away trying to hack the Orbi WPS PIN, but I have this feeling that the comment from 2014 is correct that "Modern WiFi access points are not vulnerable to PIN attack."

         

        That leaves the physical WPS button, which I do not see as that much of a vulnerability.  If someone can physically touch my Orbi to press the WPS button, they can do so much more.