Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
2017-06-19 14:01:30
Model : Archer C1900 US

Hardware Version : V1

Firmware Version : 3.17.0 Build 20151009 Rel 61423n

FCC ID: TE7C9

ISP : Suddenlink

In light of recent wikileaks regarding CIA cherryblossum, I am requesting that you update your firmware unless you can confirm these routers have an option to disable wireless/wifi Administration so no one can access the router's settings unless they are directly connected to the router via ethernet. I may be wrong but I didn't notice an option for http or https login. This confirms what I knew the entire time that all someone has to do is spoof a mac address and have the wifi password (google codenamed temptest). Even securing the router with strong encryption, mac adress filtering etc they are not secure. They can install modified firmware that you would never notice any difference. I am a Certified Network Professional asking you please add this option. No offense to CIA but I know there are hackers in the USA 10 times better.

For example any foreign countries like China, Korea :rolleyes:etc with satellite that are capable of zooming in on someone sitting by a window or outside looking at their mac, password etc. They make a list of them...wait a year...then login to routers with spoofed mac and password..modify the firmware on 23 billion U.S. routers to bottlekneck attack the Pentagon, FBI etc

Just last year, my network got hit with some type of drone. I actually managed to use a wireless device and get its real mac address. I Google searched and that was when I discovered the vendor company manufactured drones. The thing sniffed my netgear router's ssid and mac. It cloned both and ddos attacked the router disabling it's wifi then impersonated it with a ' man in the middle'. We live in a high tech society so this is a legitimate high tech concern.

Also wondering if this particular model w/firmware can be flashed from stock image to ddwrt or tomato firmware? I read that the tomato firmware does have this option.

I compliment you guys on this router. We have 6 square acres of land and I can pick up a signal anywhere on the property. From on one side to the property line I can get at least a 5Mbs download speed out of 50Mbs. I would really like to see that option added. Please!

keywords:router login, router settings, disable wireless management
  0      
  0      
#1
Options
9 Reply
Re:Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
2017-06-20 03:27:54
Ok racking my brain here but would this work



By disabling the normal 2G and 5G..



then setting up the guest network



but leaving the box for (local network) (192.168.xxx) restricted?
Shouldn't this allow anyone on the guest network
use of internet still? Correct me if I am wrong but
wouldn't this force any router admin login to be
done via ethernet?
  0  
  0  
#2
Options
Re:Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
2017-06-20 04:30:43
Confirmed from tablet that still has internet!

This site can’t be reached 192.168.0.1 took too long to respond.
Try:
Checking the connection
ERR_TIMED_OUT


Reload
HIDE DETAILS

Check your Internet connection
[COLOR=#777777]Check any cables and reboot any routers, modems, or other network devices you may be using.


  0  
  0  
#3
Options
Re:Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
2017-06-20 04:52:43
Apologies for the language but #$! I will not be flashing the firmware to ddwrt or tomato! My netgear lost some functionality doing it. If what I read about being unable to modify firmware applies to this model...it may be more secure than the competitors! Nice!!! :cool:

The known router range as of now is over 801 ft (14.50 Mbs)
  0  
  0  
#4
Options
Re:Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
2017-06-20 09:19:36
This might be worth adding to the user manual as for how to disable wireless access to router settings.
  0  
  0  
#5
Options
Re:Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
2017-06-20 10:51:04
On most wifi scanners the disabled 2G & 5G wireless doesn't show up. But I have noticed a few it does. You can still detect the signal but it has no ssid.









If it broadcast no ssid outside of hacking you can't connect¿?

One solution on your company side would be to add an option like for the guest account "allow guest access to my local network" on the 2G and 5G settings pages. ( □Allow access to my local network) This would still give all wireless devices internet access but restrict local ip's like 10.0.0.1 and 192.168.xxx. The only other way would be to have separate internal radio unit for guest account.

The first would be a more practical approach rather than trying to restrict individual local ip's. I have 2 routers with a repeater between them so the 2nd router gets assigned an ip of 10.0.0.1. I question interference though with other devices inside the network like routers and repeaters. There may be something that I am overlooking but I can't get into those settings on either router or repeater except by ethernet. I still have internet access though on both router's wifi guest accounts but I can't login to the repeater's wifi. It's still repeating the signal from the TP-LINK Router (with the 2nd router's RJ-45 Internet port conected into the repeater) but you can't login to the repeater's wifi ssid. If you can't login it then you can't modify firmware either. All 3 have wireless mac filters to only allow our known devices.

The released documents regarding cia cherry blossom didn't list any TP-Link Routers as vulnerable but I am telling you if the firmware can be flashed or upgraded via wifi they are vulnerable. This would be the 1st base to cover. Worthy of an option on the firmware page □Disable wireless upgrading
  0  
  0  
#6
Options
Re:Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
2017-06-20 22:04:41
Hello, it's almost impossible after disabled the WiFi to broadcast! After you disabled did you restart the router? , do it and try if seen again. Good luck.
  0  
  0  
#7
Options
Re:Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
2017-06-21 12:30:23
timi, Restarting the router won't affect the disabled 2G & 5G ssids from showing up on wifi analyzers as hidden networks and it's not disabling the wifi signal just the signal's ssid timi. Correct me if I am wrong but this would leave the hidden ssid unencrypted.

Reading:
https://www.howtogeek.com/179089/lock-down-your-wi-fi-network-with-your-routers-wireless-isolation-option/
  0  
  0  
#8
Options
Re:Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
2017-06-21 14:36:27







ok I know for a fact it does have this option.
untested regarding access to the router's internal settings with ap isolation enabled. If they are still able to communicate with the router this may not resolve the issue.
  0  
  0  
#9
Options
Re:Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
2017-06-22 13:41:47
Ok it does have an option under advanced/Security/Local Management () only allow the pc's listed to perform administrator task. Ok conncted to the tp link via wifi I confirm you cant access 192.168.xxxx. No clue how I missed this. I will probably delete this thread.
  0  
  0  
#10
Options