HUGE security issue! Guests on C9 v1 were able to delete files from my server, even with set to not allow LAN access!

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

HUGE security issue! Guests on C9 v1 were able to delete files from my server, even with set to not allow LAN access!

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
HUGE security issue! Guests on C9 v1 were able to delete files from my server, even with set to not allow LAN access!
HUGE security issue! Guests on C9 v1 were able to delete files from my server, even with set to not allow LAN access!
2015-12-27 01:39:00 - last edited 2022-08-02 07:45:41
Model : Archer C9

Hardware Version : v1.0

Firmware Version : 4.0.0 Build 20150916 Rel. 37772

ISP : Not important to this issue.

-------------

I originally wanted to set it up as an access point only (network cable from my existing router/network ran to the LAN ports on the C9) with guest mode enabled, but it didn't work of course because the guests couldn't get DHCP requests and I sure as heck wasn't going to enable guest access to my local network. You guys really should put a DHCP "guest" server in the router to handle guest DHCP requests from ONLY guests when in access point mode!

So, I plugged a network cable into the WAN port instead so that I could enable guest mode. My local network going into the WAN port with my servers and stuff is 192.168.0.x and the C9 was set up for 192.168.1.x. I enabled guest SSID's but not "Allow guests to access my local network". With my laptop connected to guests and an ip of 192.168.1.x I was able to type in \\192.168.0.2 and then delete files from my server behind the router :( All guests would have to do is a simple nmap scan to discover all my network devices :(

So, with guests enabled, what can be done to protect the network behind the router?

Is there really no way to allow guest DHCP requests through the switch instead of WAN when in AP mode, but block the rest of the networking?? My linux friend said it's SUPER easy with a few firewall rules, he says if I flash it with DD-WRT he can do it in 30 seconds :(

And of course most important of all, is have an option in the firewall settings to block networking from in front to behind the router.

-Jamie M.
  0      
  0      
#1
Options
1 Accepted Solution
Re:HUGE security issue! Guests on C9 v1 were able to delete files from my server, even with set to not allow LAN access!-Solution
2015-12-27 04:35:30 - last edited 2022-08-02 07:45:41
Never mind, I flashed it with DD-WRT: ftp://ftp.dd-wrt.com/betas/2015/12-24-2015-r28598/tplink_archer-c9v1/

And followed this guide: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=966801#966801

Works flawlessly now as an AP with Guest SSID's. They can't access any of the network behind the AP now!!! Woot. So flawless.

-Jamie M.
Recommended Solution
  0  
  0  
#2
Options
1 Reply
Re:HUGE security issue! Guests on C9 v1 were able to delete files from my server, even with set to not allow LAN access!-Solution
2015-12-27 04:35:30 - last edited 2022-08-02 07:45:41
Never mind, I flashed it with DD-WRT: ftp://ftp.dd-wrt.com/betas/2015/12-24-2015-r28598/tplink_archer-c9v1/

And followed this guide: http://www.dd-wrt.com/phpBB2/viewtopic.php?p=966801#966801

Works flawlessly now as an AP with Guest SSID's. They can't access any of the network behind the AP now!!! Woot. So flawless.

-Jamie M.
Recommended Solution
  0  
  0  
#2
Options