Tenda Nova MW6 Weak Wi-Fi Security on Secondary Node

cooni on 21/10/2020 - 13:14
Last edited 21/10/2020 - 13:36 by 1 other user

I have a Tenda MW6 set with two nodes, ethernet backhaul. It runs great but,

iOS 14 gave me the notification of shame. Weak security. But this only happens when connected to the secondary node. When connected to the primary node the warning is not there.

Running

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s

from my Macbook yields the following:

(Primary)
SSID B:S:S:I:D -56 6,-1 Y — WPA2(PSK/AES/AES)
SSID B:S:S:I:D -56 40 Y US WPA2(PSK/AES/AES)

(Secondary)
SSID B:S:S:I:D -49 6,-1 Y — WPA(PSK/TKIP,AES/TKIP) WPA2(PSK,FT-PSK/TKIP,AES/TKIP)
SSID B:S:S:I:D -37 40 Y US WPA(PSK/TKIP,AES/TKIP) WPA2(PSK,FT-PSK/TKIP,AES/TKIP)

So indeed the secondary node is accepting WPA1 and TKIP as well as WPA2 AES but the primary node only takes WPA2 AES.

Following the research done at https://github.com/latonita/tenda-reverse I managed to telnet as root into each node (press and hold reset for 3 seconds to open port 23, root password is the base64 of your wifi password) and dump all the internal settings and there's little that varies between them. I tried changing the following settings which differed but it did not help:

wl2g.public.dot11r=0
wl2g.public.dot11v=0
wl5g.public.dot11r=0
wl5g.public.dot11v=0
wlan.fastroam.enable=0

Can anyone else with MW6's please check the Wifi security settings for each of your nodes and report back if your experience is the same as mine? And of course if you know how to fix this issue that would be even better.

(It is known the older Tenda MW3 only supports WPA2 TKIP)

Computing Mesh Network Tenda Wireless Router

Comments

MS Paint on 21/10/2020 - 13:29

-5

Is this even in English?
- No Username on 21/10/2020 - 13:36
  
  +1
  
  没有
- cooni on 21/10/2020 - 13:52
  
  +2
  
  You are in a computing sub forum…
No Username on 21/10/2020 - 14:20

Is the config being saved properly? When the device restarts are the settings retained? You could also try and reinstantiate the config via a Cron Job upon reboot.
- cooni on 21/10/2020 - 15:00
  
  Config is retained upon reboot
scotty on 21/10/2020 - 14:23

Related forum post on MW3 from earlier this month. Can you change the WPA algorithm from TKIP to AES?
- cooni on 21/10/2020 - 15:00
  
  You can't change anything related to security in the app except the password.
  The primary node definitely does WPA2 AES only.
  
  In the internal settings, this is everything listed that relates to wireless security and they are the same between the nodes:
  
  wl2g.ssid0.bss_auto_hide_ssid=1
  wl2g.ssid0.bss_maxassoc=48
  wl2g.ssid0.enable=1
  wl2g.ssid0.guest_enable=0
  wl2g.ssid0.hide=0
  wl2g.ssid0.key_uptime=0
  wl2g.ssid0.maclist1=
  wl2g.ssid0.maclist_num=0
  wl2g.ssid0.macmode=deny
  wl2g.ssid0.pretype=long
  wl2g.ssid0.radius_ip=
  wl2g.ssid0.radius_key=
  wl2g.ssid0.radius_port=1812
  wl2g.ssid0.radius_time=0
  wl2g.ssid0.security=wpapsk
  wl2g.ssid0.ssid=MYSSID
  wl2g.ssid0.ssid_encode=utf-8
  wl2g.ssid0.sta_isolate=0
  wl2g.ssid0.wep_key=1
  wl2g.ssid0.wep_key1=12345
  wl2g.ssid0.wep_key2=12345
  wl2g.ssid0.wep_key3=12345
  wl2g.ssid0.wep_key4=12345
  wl2g.ssid0.wep_type=open
  wl2g.ssid0.wmm=on
  wl2g.ssid0.wmm_apsd=off
  wl2g.ssid0.wpa_crypto=aes
  wl2g.ssid0.wpa_type=wpa
  wl2g.ssid0.wpapsk_crypto=aes
  wl2g.ssid0.wpapsk_psk=MYPASSWORD
  wl2g.ssid0.wpapsk_type=psk2
  wl2g.ssid0.wps_enable=1
  - No Username on 21/10/2020 - 15:10
    
    This is from my router cfg which is a different brand to yours:
    aaa.2.wpa.1.pairwise=CCMP
    
    Maybe you could add
    
    wl2g.ssid0.pairwise=AES
    
    Edit: You should also disable WPS for security purposes.
    - cooni on 21/10/2020 - 15:44
      
      The main confusing thing is that both nodes have the same parameters but act differently.
      pairwise doesn't appear at all in my configuration but I'll have a go at adding it.
      
      If you don't mind, could you dump your config in it's entirety and PM me? Understandable if you don't want to.
      
      Indeed WPS should be disabled. There's a WPS PIN listed as well that I missed. Sounds like a backdoor.
      - No Username on 21/10/2020 - 15:49
        
        +1
        
        @cooni: aaa.3.pmf.status=enabled
        aaa.3.pmf.mode=1
        aaa.3.ft.status=disabled
        aaa.3.country_beacon=disabled
        aaa.3.11k.status=disabled
        aaa.3.br.devname=br4
        aaa.3.devname=ra2
        aaa.3.driver=madwifi
        aaa.3.ssid=XXXXXXXXXXXXXXXXXXXXXXXXXX
        aaa.3.status=enabled
        aaa.3.verbose=2
        aaa.3.wpa=2
        aaa.3.eapol_version=2
        aaa.3.wpa.group_rekey=3600
        aaa.3.p2p=disabled
        aaa.3.p2p_cross_connect=disabled
        aaa.3.proxy_arp=disabled
        aaa.3.is_guest=true
        aaa.3.tdls_prohibit=disabled
        aaa.3.bss_transition=enabled
        aaa.3.id=XXXXXXXXXXXXXXXXXXXXXXXX
        aaa.3.wpa.key.1.mgmt=WPA-PSK
        aaa.3.wpa.psk=XXXXXXXXXXXXXXX
        aaa.3.wpa.1.pairwise=CCMP
        aaa.3.radius.macacl.status=disabled
        aaa.3.hide_ssid=false
        wireless.3.mode=master
        wireless.3.devname=ra2
        wireless.3.id=XXXXXXXXXXXXXXXXXXXXXXXXX
        wireless.3.status=enabled
        wireless.3.authmode=1
        wireless.3.l2_isolation=enabled
        wireless.3.is_guest=true
        wireless.3.security=none
        wireless.3.addmtikie=disabled
        wireless.3.ssid=XXXXXXXXXXXX
        wireless.3.hide_ssid=false
        wireless.3.mac_acl.status=enabled
        wireless.3.mac_acl.policy=deny
        wireless.3.wmm=enabled
        wireless.3.uapsd=enabled
        wireless.3.parent=ra0
        wireless.3.puren=0
        wireless.3.pureg=1
        wireless.3.usage=guest
        wireless.3.wds=disabled
        wireless.3.mcast.enhance=1
        wireless.3.autowds=disabled
        wireless.3.vport=disabled
        wireless.3.vwire=disabled
        wireless.3.schedule_enabled=disabled
        wireless.3.no2ghz_oui=enabled
        wireless.3.element_adopt=disabled
        wireless.3.mcastrate=auto
        wireless.3.bga_filter=enabled
        wireless.3.dtim_period=3
        wireless.3.minrate_data=6000
        wireless.3.beacon_rate=6000
        wireless.3.mgmt_rate=1000
        wireless.3.bcfilt.status=enabled
        wireless.3.bcfilt.1.status=enabled
        wireless.3.bcfilt.1.mac=XX:XX:XX:XX:XX:XX
cooni on 13/01/2021 - 14:09

There's a new firmware that specifically addresses this.
V1.0.0.29(5834)
- dansblackcat on 18/02/2021 - 17:14
  
  I've been on firmware v1.0.0.30(6807) for over a year, at least. I actually don't recall ever seeing another firmware update after the one when I first set them up.
  - cooni on 18/02/2021 - 19:26
    
    On MW6?
    - dansblackcat on 19/02/2021 - 11:43
      
      Yeah. I have 3x MW6.
      - cooni on 19/02/2021 - 12:09
        
        @dansblackcat: That’s odd. Maybe we have different hardware versions.
        
        dansblackcat on 19/02/2021 - 13:13
        
        @cooni: I haven't seen any mention of different version or revisions but I guess it would have to be something like that.
        
        cooni on 19/02/2021 - 13:35
        
        @dansblackcat: https://deviwiki.com/wiki/Tenda_Mesh3_(Nova_MW6)
        
        https://deviwiki.com/wiki/Tenda_Mesh3-18_(Nova_MW6_2018)
inamberclad on 03/02/2021 - 10:43

resurrecting an old post - cooni does this mean ios/iphone still supports a router using tkip??
- cooni on 03/02/2021 - 12:13
  
  TKIP no longer an option so no warning shown in iOS. The wifi part of the router is now considered safe.
  - inamberclad on 03/02/2021 - 12:19
    
    Thanks. I was trying to understand the practical aspect of your post alongside the many "mw6 is unsafe" unqualified posts on this and other forums.
    - cooni on 03/02/2021 - 12:22
      
      +1
      
      Yep it’s all good now

Tenda Nova MW6 Weak Wi-Fi Security on Secondary Node

Comments

Related Products

New Forum Topics