WA850RE Extended wifi offers TKIP, how do I disable that?
WA850RE Extended wifi offers TKIP, how do I disable that?
Hardware Version : V2
Firmware Version : : 1.0.0 Build 20160527 Rel. 60757
ISP :
WA850RE Extended wifi offers TKIP, how do I disable that?
[V2 hardware (Admin, pls note the "Add more information" section of the post creation form does not allow me to enter the hw version)]
My "primary" wifi (host network) security is set as WPA2-AES (no TKIP, and no WPA). When I view it with Acrylic's wifi scanner (free) it confirms this wifi as just WPA2 offered, with "PSK-CCMP" only available (CCMP essentially is AES by another name), so confirming no WPA and no TKIP are available (or WEP come to that).
After using WPS to connect the extender to this wifi, Acrylic shows that the extended wifi is offering both the old WPA as well as WPA2, and both are shown as "PSK-(TKIP|CCMP)". [and Nirsoft's free WifiInfoView says the same]
Note that TKIP is deprecated and should not be used, so WPA should not be used at all, and WPA2 should not be used with TKIP.
So I don't want my extender to offer anything except WPA2 with PSK + AES.
In the extender's web management pages there are no obvious setting to change the extended wfi security settings.
I did note though that under Wireless/Connect to Network (ie where you can manually set the primary wifi connection details) there is a Security drop-down which shows " WPA-PSK/WPA2-PSK" currently selected, but gives "WPA2-PSK" as an alternative option. I tried the "WPA2-PSK" option and it has changed the extended wifi security, BUT not "enough".
After changing to "WPA2-PSK" Acrylic now shows the extended wifi with just WPA2 offered (WPA has gone), BUT it still shows "PSK-(TKIP|CCMP)" whereas I was hoping for "PSK-CCMP".
So how do I switch off the now deprecated TKIP completely in the extended wifi?
Cheers
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Dear @Solla-topee,
I perfectly agree with @lobosec.
This is a security breach and this needs to be fixed as soon as possible.
If a cybercriminal used an old device that relies on TKIP to launch an attack we would be in a very bad situation.
Actually this has been an issue for a long time exposing us to threats, we just didn't know; our networks have been exposed so far.
I own a RE200 repeater.
@Solla-topee, what is the timeline to have a new firmware patch that allows us to choose the encryption method?
Kind regards
- Copy Link
- Report Inappropriate Content
Security 101 calls for any services/protocols to be turned off if not required. Like others have said, the user should be able to choose which protocols are allowed and which ones are not. As things stand now, there is still a risk and so a fix to be able to completely turn off weak/insecure protocols is required.
I look forward to tp-link providing the necessary fixes for routers and repeaters in new firmware updates as soon as possible. Thanks.
- Copy Link
- Report Inappropriate Content
As you can see there are several threads about this same issue and everybody is confirming that the extenders broadcast in TKIP.
But we are still missing an official answer about what is being done by the company to fix this and by when.
Can you please urgently provide a feedback about these two points?
KR
- Copy Link
- Report Inappropriate Content
@Solla-topee why was this post marked as solved while there are still open and pending questions (timeline for a firmware fix) and everybody is confirming that TKIP is still active, regardless of the main router settings?
- Copy Link
- Report Inappropriate Content
This thread (to which you replied) confirms that regardless of the latest answers that were provided the extenders still broadcast in TKIP mode:
https://community.tp-link.com/en/home/forum/topic/192784
An update from your side is needed by yesterday
KR
- Copy Link
- Report Inappropriate Content
Are there any updates regarding this subject? Have range extenders been given new updates in order to use only AES encryption?
I personally have a WA850RE model too and I'm currently experiencing the same issue.
Thank you.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 9107
Replies: 17