You are here

Home » Forums » Development » Possible Bugs

Possible security issue with build 556

13 posts / 0 new
Log in or register to post comments
Last post
Thu, 12/13/2018 - 21:29
#1
AC0WN
AC0WN's picture
Possible security issue with build 556

I have build 556 on a hAP AC lite and I love the ability to turn off the RF mesh side on 2.4 Ghz.  It's also great that you can use either the 2.4 Ghz radio or the 5 Ghz radio as an access point.

However ....  after configuring the 5 Ghz radio as an AP on channel 149 the node is still advertising the SSID "MeshNode2G" as an unsecured network.  I can log on this network without a password and use the mesh as well as the wan side (which I am doing now to post this topic).

Many thanks for the great work ... this router is going to be a wonderful tool as we work out the "bugs".  :)

73,
julie /ac0wn

Top
Thu, 12/13/2018 - 21:54
AE6XE
AE6XE's picture
ac0wn,  can you capture a
ac0wn,  can you capture a support download and upload?    Advertising this SSID MeshNode2G is only something that occurs immediately after firstboot and prior to configuring the device.    on the hAP ac lite, on firstboot both wireless cards are in AP mode with no encryption or password, and mesh nodes have had this behavior for several years.   but once configured and rebooted, this configuration should no longer be possible.   Reboot the device and capture the support data and we'll go from there.

Joe AE6XE
Top
Fri, 12/14/2018 - 13:11
(Reply to #2)
AC0WN
AC0WN's picture
Data Capture

Hi Joe,

Thank you very much for your support.  I did a reboot from the setup page and MeshNode2G was still advertising its SSID so I did a cold boot.  After the cold boot I still have the ability to log on without a password on MeshNode2G.  The data dump is attached along with a screenshot of the SSID advertisement.

julie

Image Attachments: 
Support File Attachments: 
File supportdata-W7FLO-12-RTR-201812141759.tgz
Top
Fri, 12/14/2018 - 17:45
(Reply to #3)
AE6XE
AE6XE's picture
Thanks.  It appears some of
Thanks.  It appears some of the out-of-box OpenWrt scripts think the wireless 2Ghz adapter needs to be configured.  This Openwrt logic added the wireless config options to turn this on -- as if it was a firstboot situation, but was actually a successive reboot.  

Can you do a "save" in basic settings, without changing anything, reboot, and then see if the condition still exists?   If symptom goes away, then the challenge will be to discover the sequence of steps you went through to reproduce it.   If the condition still exists, then it will be easy to reproduce and fix.

Joe AE6XE
Top
Fri, 12/14/2018 - 19:36
(Reply to #4)
AC0WN
AC0WN's picture
The condition still exists

I did the "save" in basic settings as requested and rebooted.  Still able to login without a password and the MeshNode2G SSID is still advertising itself.

julie /ac0wn

Top
Fri, 12/14/2018 - 20:11
(Reply to #5)
AE6XE
AE6XE's picture
I was able to reproduce just
I was able to reproduce just now too.  Confirmed, the openwrt default logic is seeing when mesh RF is off, the 2GHz radio is not configured.  Thus adds these settings as if firstboot.   Easy fix...  thanks for finding and reporting.

Joe AE6XE
Top
Sat, 12/15/2018 - 11:11
(Reply to #6)
AE6XE
AE6XE's picture
I'm testing a fix out for
I'm testing a fix out for this.   ...and added a 2GHz/5GHz option for which band to configure for AP.   Literally going to DisneyLand today  but changes in the pipeline soon.   The family convinced me to bear the crowd :) .

Joe AE6XE
Top
Sat, 12/15/2018 - 11:51
(Reply to #7)
AC0WN
AC0WN's picture
Good idea

Joe, the band select option sounds like a great idea.  Enjoy the "happiest place on earth".  :)

julie /ac0wn

Top
Sat, 12/15/2018 - 14:35
(Reply to #8)
AJ6GZ
DL
Leave a node on the Matterhorn!
Top
Mon, 12/17/2018 - 23:59
AE6XE
AE6XE's picture
This has been addressed in
This has been addressed in github Pull Request (PR) submitted this evening with a few upgrades to the LAN AP functionality.  Should be in Nightly Build available probably Wed AM.
Top
Tue, 04/07/2020 - 22:20
K7FYI
I just had this happen with a
I just had this happen with a TP Link CPE210-v2, running 3.20.3.0.

This node was in a temp location in the yard, running on a battery.  It lost contact with my hAP-ac sometime during the night.  After bringing it in and connecting it to a different power supply, it still wasn't on the mesh.  On my iPhone, I saw the "MeshNode2G".  When I connected to it from my iPhone and surfed to 192.168.1.1, it was at the first boot screen.  The default password worked and it just needed my call sign and a new password.  The Mesh RF box was still checked; IP address was populated, channel was -2 / 10 MHz, power was 27 dBm and distance was on 0 (auto) just like I left it.  After the required reboot, it's back on the mesh and connected as expected.

Googling "MeshNode2G" brought me to this thread.

Thinking about what may have happened... I'm confident it didn't run low on battery power (120 AH AGM battery for ~10 hours).  It rained last night and I forgot that was likely and didn't waterproof the connectors?  This is a node that had been otherwise trouble free and used for portable / temporary operations.

Rick
Top
Wed, 04/08/2020 - 14:21
w6bi
w6bi's picture
Rain --> connectors
If rain gets into the RJ45 Ethernet connector, it can short out the two pins that Ubiquiti uses for remote reset, resulting in a node exactly as you described.
Don't feel bad - many of us have suffered from that same issue.

Orv W6BI
Top
Wed, 04/08/2020 - 14:42
AE6XE
AE6XE's picture
I don't recall if tplink
I don't recall if tplink devices behave the same way -- tplink remote reset capability?    I was recently hit with nodes at a tower site going to firstboot and password reset.   (I edited the /etc/config/system file to turn off these triggers until I can replace or patch the cat5 cables...)

Joe AE6XE
Top

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer