ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
2020-10-07 01:48:13 - last edited 2021-09-01 01:06:41
Model: RE650  
Hardware Version: V1
Firmware Version:

 

RE : TP-LINK WIRELESS EXTENDER AES WIFI SECURITY ISSUE | APPLE IOS "WEAK SECURITY" WARNING | WILL ONLY CONNECT VIA INSECURE TKIP PROTOCOL | DOES NOT OFFER WPA2-AES ENCRYPTION AS SOLD AND ADVERTISED.. ( TP LINK RE200 / RE300 / RE400 / RE500 / RE600 SERIES EXTENDERS AND PERHAPS OTHER MODELS AS WELL )

 

A SERIOUS THREAT TO BOTH THE SECURITY OF YOUR VITAL WIRELESS NETWORK AND ALL DEVICES THAT CONNECT TO IT... 

 

------------------------------------------------------------------------------------------------------------

 

All modern wireless routers and extenders provide you with the current WiFi security protocols known as "WEP" (TKIP), "WPA2-PSK"(AES), and "WPA2-PSK" (TKIP + AES) as selectable options. But if you choose the "wrong" one (TKIP or TKIP/AES) in your primary router setup, you’ll wind up with a slower and much less-secure network as a result.

 

"WEP" (Wired Equivalent Privacy), "WPA" (Wi-Fi Protected Access), and "WPA2" (Wi-Fi Protected Access II) are the primary security algorithms you’ll see when setting up modern wireless networks and routers. WEP is the very oldest standard, and has proven to be very vulnerable to common attacks, as more and more security flaws have been discovered over time. The release of WPA standard improved security a bit, but that standard is also now considered vulnerable to intrusion, which leaves just WPA2 as the default choice for all home, SOHO and SMB wireless networks. While WPA2 is not perfect, it is currently the most secure choice we have.

 

In addition to the above WiFi algorithms, a "second layer" of security protocols come into play,when transmitting and receiving secure wireless signals, and the two most popular are known as "TKIP" (Temporal Key Integrity Protocol) and "AES" (Advanced Encryption Standard) 

 

ProTip : In case you are wondering what the "PSK” acronym (as in "WPA2-PSK") means, it is the encryption protocol for a “pre-shared key", which is generally your encryption "passphrase" or password. This distinguishes it from “WPA2 Enterprise”, which uses a specialized "RADIUS" server to hand out unique keys, and is used primarily on larger corporate or government Wi-Fi networks....

 

So let's take a quick look at how the AES and TKIP encryption protocols differ... And affect your wireless security.

 

TKIP is actually an OUTDATED encryption protocol, introduced way back when with the (now very obsolete) WPA algorithm, to replace the even older and very insecure "WEP" algorithm. TKIP is actually quite similar to the (dinosaur) WEP algorithm, and as such, TKIP is NO LONGER considered secure, and now completely deprecated as a security standard.. In other words, you shouldn’t be using it !!

 

AES is a most secure, modern, common encryption protocol for WiFi, and was introduced with launch of WPA2 algorithm. And AES isn’t just some "generic" protocol developed specifically for Wi-Fi networks, either. It’s a serious worldwide encryption standard that’s even been adopted by the US Government, the US Miliary and most governments across the globe, to secure many of their computer networks.

 

AES is also generally considered quite secure, with its one main weaknesses being open to (very difficult) "brute-force" attacks, which can be mitigated in most cases by the use of strong "passphrases" (passwords). But in the real world, very few consumers do this..  (but you should)

 

The short version is that TKIP is an OLDER, LESS SECURE encryption standard used by the outdated WPA standard, ans AES is the NEWER Wi-Fi encryption solution used by the new-and-secure WPA2 standard. But, depending on your router, and the wireless devices that connect to it (including wireless extenders!) choosing WPA2-PSK as the default protocol may not always be the right choice for you.. (but almost always is)

 

While WPA2 is supposed to use AES for optimal security, it can also use TKIP where backward compatibility with very old "legacy devices" is required. In such a state, devices that support WPA2 will connect with WPA2 and devices that support WPA will connect with WPA. So “WPA2” doesn’t always mean WPA2-AES.

 

However, on devices without a visible “TKIP” or “AES” option, WPA2 is generally synonymous with WPA2-AES.

 

But using WPA and/or TKIP for compatibility with ancient (over 10+ years old) devices also slows down your Wi-Fi network. Many modern 802.11N / AC Wi-Fi routers will slow down to just 54mbps if either WPA or TKIP are enabled on your router or extender. By comparison, 802.11n supports up to 300mbps speeds if you’re using WPA2 with AES. And 802.11ac offers maximum speeds of up,to 3.46 Gbps under optimum (read: perfect) conditions. So there is a big speed hit to your network by using them.

 

SO WITH ALL THAT SAID.....

 

It looks like it might be high time to sell your insecure TP-Link wireless products on eBay (along with a warning of TKIP-Only encryption in your auction description of course), as there does not appear there is a solution at hand to this serious security issue coming from TP-LINK anytime soon, as I believe TP Link was well aware of this product defect for quite some time now.

 

And unlike many major wireless product makers, TP-LINK does not seem to offer firmware or security updates for its extenders once they ship. Many are still on V1 Firmware (Version 1) months or years after the initial product launch from my observation.. 

 

This alone speaks volumes about TP-LINK and their serious lack of "after sale" product and device support, and is a #EpicFAIL to all parties concerned, without touching on the issue of false advertising a highly important security feature that cannot be used now, or in the foreseeable future... TP-LINK Support tried to blame MY high end router for the issue at first, then said it was a problem with APPLE and IOS 13 (Thanks Apple for looking after the security of our networks !) then claimed in community posts that this serious issue would be soon "fixed" with the pending release of IOS 14, which after installation, or course did not fix the issue, as the issue is solely with the defective TP-LINK product design / engineering.

 

****************************************************************************

IF THERE ARE ANY LAWYERS INTERESTED IN DISCUSSING THE POTENTIAL FOR A NATIONWIDE CLASS ACTION SUIT AGAINST 

TP-LINK FOR FALSE ADVERTISING OF WPA2-AES ENCRYPTION, PLEASE TEXT DAVID (BOCA RATON, FLORIDA) AT 561-450-9468 WITH YOUR NAME, FIRM NAME, PHONE, WEB URL AND CONTACT DETAILS. 

***************************************************************************

  3      
  3      
#1
Options
1 Accepted Solution
Re:ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES -Solution
2021-09-01 01:06:18 - last edited 2021-09-01 01:15:57

Hello everyone, 
Here is a summary thread for Range Extender Weak security issue where you could find the latest firmware or beta firmware that fixed the problem: 

[Solution] iPhone iOS14 recognizing the range extender wireless network as "weak security"
https://community.tp-link.com/en/home/forum/topic/232218?page=1


If your model is not listed, or you still experience the same issue, please leave your comment there with case details. We will look in to your inquiry as quickly as possible.

The above thread will guide you to TP-Link Global community temporarily, click here to continue your travel in TP-Link US community.

Recommended Solution
  0  
  0  
#16
Options
14 Reply
Re:ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
2020-10-24 01:03:13 - last edited 2020-10-24 01:04:52

@DaveFromBoca I HAVE A TL-WA855RE V4 (purchased from Amazon) – great price, but also no AES from what I can tell.

 

I upgraded it to the latest firmware as well. 

  1  
  1  
#2
Options
Re:ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
2020-10-31 19:40:44

 I just bought a RE200 mesh extender and an Archer A7 Mesh router. I don't see any option to change the extender's encryption to AES. 

 

@TP-Link When will a firmware update fic this issue ???

 

@DaveFromBoca 

  1  
  1  
#3
Options
Re:ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
2020-11-17 22:00:03
Same issue with RE505X, purchased a few months back from Amazon UK
  1  
  1  
#4
Options
Re:ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
2021-01-24 21:24:43 - last edited 2021-02-09 01:41:29

@DaveFromBoca 

FYI, I've just upgraded my RE650(CA).v1 to the latest FW (20201112) v1.09 ... so far, my iPhone (iOS 14.3) is no longer reporting the "Weak Security" error message.

 

I intend to wait a bit, then update this post.

 

Edit (2021-02-08): It's now been a couple of weeks since I made the change from FW (20190521) v1.07 to (20201112) v1.09 ... here are my findings:

  1. Devices associating with the RE650 are no longer reporting "weak security", however ...
  2. Most of my 2.4 GHz devices will NOT associate with the RE650. In fact, it's preventing devices from associating with my Asus AC5300 router/AP; as soon as I power down the RE650, devices associate to my router and work OK.
  3. I tried downgrading to (20200922) v1.08 to see if this improved the situation but it only seemed better randomly (i.e. sometimes works, sometimes doesn't).

 

In the end, I disabled the RE650's 2.4 GHz radio and only configured it to extend the coverage of 5 GHz. This has been working without any "weak security" warnings.

 

It's possible there's a hardware fault on my RE650 related to the 2.4 GHz band, rather than a failure of the new firmware.  The only way to verify is to downgrade it back to v1.07 to see if it's back to normal behavior (save the original "weak security" issue).  If I have too much time one day, I'll try that but for now, it's fulfilling my immediate need. (And if I get really ambitious, I'll contact TP-Link tech support.)

 

Still, I'm quite disappointed because it was working spectacularly at first and I've deployed a variety of TP-Link devices over the years (most recently, Ethernet switches, Smart Home light switches, SOHO routers, etc), with zero problems.

  0  
  0  
#7
Options
Re:ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
2021-01-28 20:20:53

I recently purchased the "new" RE603X (AX) model extender to create a network that can reach 150'+ to my detached rural garage for streaming music. My three music streamers are clients on this "extended" network, covering the entire property (home and garage), and they work great. The Datasheet for the new RE603X reads "Wireless Security: 64/128-bit WEP, WPA/WPA2-PSK encryptions." Webopedia provides this information. 

 

WPA/WPA2-PSK Wi-Fi Protected Access 2 – Pre-Shared Key, and also called WPA or WPA2 Personal, is a method of securing your network using WPA2 with the use of the optional Pre-Shared Key (PSK) authentication, which was designed for home users without an enterprise authentication server. To encrypt a network with WPA2-PSK you provide your router not with an encryption key, but rather with a plain-English passphrase between 8 and 63 characters long. Using a technology called TKIP (for Temporal Key Integrity Protocol), that passphrase, along with the network SSID, is used to generate unique encryption keys for each wireless client. And those encryption keys are constantly changed. Although WEP also supports passphrases, it does so only as a way to more easily create static keys, which are usually comprised of the hex characters 0-9 and A-F.

 

Yes, iOS 14 (Apple devices) flag the "weak security" message below Wi-Fi in Settings. But this is being widely reported (Google it) as Apple is encouraging the most current standards. I connected directly to the 2.4 & 5G broadcast networks from my telephone-company provided modem (Actiontec C3000A) and got the same warning message. I checked the security settings on the modem and WPA2 Personal is the best offered at this time. I also called the telephone company's support and they assured me it was sufficient for the home environment. 
 

  0  
  0  
#8
Options
Re:ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
2021-01-28 20:48:58 - last edited 2021-02-09 01:45:14

@RealityBroker I think you've misunderstood the point of this thread and why @DaveFromBoca started it ...

 

When TP-Link implemented WPA/WPA-2, they did so using TKIP instead of AES for key handling (i.e. how both sides securely negotiate a key and change to a new key over time), the former being less secure (and forces a slower bit rate).  That's the reason iOS flags it as "Weak Security" and people are complaining.  Despite widespread customer push-back, this hasn't been addressed for quite some time.

 

For my RE650, I now believe the current firmware release  (20201112, v1.09) finally implements AES since my iPhone (was iOS 14.3, now 14.4) has stopped issuing that warning. Customers owning one of these "RE" series of WiFi extenders would be wise to check for the latest firmware and update as necessary - yes, you included.

 

Hope that clears things up!

  0  
  0  
#9
Options
Re:ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
2021-02-11 02:25:46

@DaveFromBoca 

 

I have been experiencing this problem (iPhone reporting weak security) with an R350 V3.0.

 

It has now been resolved with the latest Firmware and managing the device through TP-Link Cloud which offers access to far more security options than the Tether app.

 

I have set both 2.4Ghz and 5.0 Ghz to WPA2-PSK and AES encryption and "Weak Security" warning is no more.

  0  
  0  
#10
Options
Re:ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
2021-02-15 10:31:49
Great for you ! I have the R-305 updated to the latest firmware version v1.1.14 and I still get the "WEAK SECURITY (WPA)" from Apple (Latest Big Sur version). So I pretty confident it's NOT SOLVED for everyone with an R-305. In 2021, why I'm I dealing with this kind of issue ? TP-Link you better make this right otherwise I'll soon trash this device buy a safe one and then I'll never buy your products for a long time. And of course I'll will discourage anyone I know from buy from you. Thanks in advance,
  1  
  1  
#11
Options
Re:ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
2021-02-15 22:56:43

@dsenn have you tried changing the wifi security settings via TP-Link Cloud. That's what finally solved it for me.

  0  
  0  
#12
Options
Re:ISSUE : NO WPA2-AES ENCRYPTION FOR TP-LINK WIRELESS EXTENDERS - RE200, RE300, RE400, RE600 + SERIES
2021-05-16 13:20:58
How did you do that?
  0  
  0  
#13
Options