Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
Model :
Archer C1900 US
Hardware Version : V1
Firmware Version : 3.17.0 Build 20151009 Rel 61423n
FCC ID: TE7C9
ISP : Suddenlink
In light of recent wikileaks regarding CIA cherryblossum, I am requesting that you update your firmware unless you can confirm these routers have an option to disable wireless/wifi Administration so no one can access the router's settings unless they are directly connected to the router via ethernet. I may be wrong but I didn't notice an option for http or https login. This confirms what I knew the entire time that all someone has to do is spoof a mac address and have the wifi password (google codenamed temptest). Even securing the router with strong encryption, mac adress filtering etc they are not secure. They can install modified firmware that you would never notice any difference. I am a Certified Network Professional asking you please add this option. No offense to CIA but I know there are hackers in the USA 10 times better.
For example any foreign countries like China, Korea :rolleyes:etc with satellite that are capable of zooming in on someone sitting by a window or outside looking at their mac, password etc. They make a list of them...wait a year...then login to routers with spoofed mac and password..modify the firmware on 23 billion U.S. routers to bottlekneck attack the Pentagon, FBI etc
Just last year, my network got hit with some type of drone. I actually managed to use a wireless device and get its real mac address. I Google searched and that was when I discovered the vendor company manufactured drones. The thing sniffed my netgear router's ssid and mac. It cloned both and ddos attacked the router disabling it's wifi then impersonated it with a ' man in the middle'. We live in a high tech society so this is a legitimate high tech concern.
Also wondering if this particular model w/firmware can be flashed from stock image to ddwrt or tomato firmware? I read that the tomato firmware does have this option.
I compliment you guys on this router. We have 6 square acres of land and I can pick up a signal anywhere on the property. From on one side to the property line I can get at least a 5Mbs download speed out of 50Mbs. I would really like to see that option added. Please!
keywords:router login, router settings, disable wireless management
Hardware Version : V1
Firmware Version : 3.17.0 Build 20151009 Rel 61423n
FCC ID: TE7C9
ISP : Suddenlink
In light of recent wikileaks regarding CIA cherryblossum, I am requesting that you update your firmware unless you can confirm these routers have an option to disable wireless/wifi Administration so no one can access the router's settings unless they are directly connected to the router via ethernet. I may be wrong but I didn't notice an option for http or https login. This confirms what I knew the entire time that all someone has to do is spoof a mac address and have the wifi password (google codenamed temptest). Even securing the router with strong encryption, mac adress filtering etc they are not secure. They can install modified firmware that you would never notice any difference. I am a Certified Network Professional asking you please add this option. No offense to CIA but I know there are hackers in the USA 10 times better.
For example any foreign countries like China, Korea :rolleyes:etc with satellite that are capable of zooming in on someone sitting by a window or outside looking at their mac, password etc. They make a list of them...wait a year...then login to routers with spoofed mac and password..modify the firmware on 23 billion U.S. routers to bottlekneck attack the Pentagon, FBI etc
Just last year, my network got hit with some type of drone. I actually managed to use a wireless device and get its real mac address. I Google searched and that was when I discovered the vendor company manufactured drones. The thing sniffed my netgear router's ssid and mac. It cloned both and ddos attacked the router disabling it's wifi then impersonated it with a ' man in the middle'. We live in a high tech society so this is a legitimate high tech concern.
Also wondering if this particular model w/firmware can be flashed from stock image to ddwrt or tomato firmware? I read that the tomato firmware does have this option.
I compliment you guys on this router. We have 6 square acres of land and I can pick up a signal anywhere on the property. From on one side to the property line I can get at least a 5Mbs download speed out of 50Mbs. I would really like to see that option added. Please!
keywords:router login, router settings, disable wireless management
Re:Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
Ok racking my brain here but would this work
By disabling the normal 2G and 5G..
then setting up the guest network
but leaving the box for (local network) (192.168.xxx) restricted?
Shouldn't this allow anyone on the guest network
use of internet still? Correct me if I am wrong but
wouldn't this force any router admin login to be
done via ethernet?
By disabling the normal 2G and 5G..
then setting up the guest network
but leaving the box for (local network) (192.168.xxx) restricted?
Shouldn't this allow anyone on the guest network
use of internet still? Correct me if I am wrong but
wouldn't this force any router admin login to be
done via ethernet?
Re:Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
On most wifi scanners the disabled 2G & 5G wireless doesn't show up. But I have noticed a few it does. You can still detect the signal but it has no ssid.
If it broadcast no ssid outside of hacking you can't connect¿?
One solution on your company side would be to add an option like for the guest account "allow guest access to my local network" on the 2G and 5G settings pages. ( □Allow access to my local network) This would still give all wireless devices internet access but restrict local ip's like 10.0.0.1 and 192.168.xxx. The only other way would be to have separate internal radio unit for guest account.
The first would be a more practical approach rather than trying to restrict individual local ip's. I have 2 routers with a repeater between them so the 2nd router gets assigned an ip of 10.0.0.1. I question interference though with other devices inside the network like routers and repeaters. There may be something that I am overlooking but I can't get into those settings on either router or repeater except by ethernet. I still have internet access though on both router's wifi guest accounts but I can't login to the repeater's wifi. It's still repeating the signal from the TP-LINK Router (with the 2nd router's RJ-45 Internet port conected into the repeater) but you can't login to the repeater's wifi ssid. If you can't login it then you can't modify firmware either. All 3 have wireless mac filters to only allow our known devices.
The released documents regarding cia cherry blossom didn't list any TP-Link Routers as vulnerable but I am telling you if the firmware can be flashed or upgraded via wifi they are vulnerable. This would be the 1st base to cover. Worthy of an option on the firmware page □Disable wireless upgrading
If it broadcast no ssid outside of hacking you can't connect¿?
One solution on your company side would be to add an option like for the guest account "allow guest access to my local network" on the 2G and 5G settings pages. ( □Allow access to my local network) This would still give all wireless devices internet access but restrict local ip's like 10.0.0.1 and 192.168.xxx. The only other way would be to have separate internal radio unit for guest account.
The first would be a more practical approach rather than trying to restrict individual local ip's. I have 2 routers with a repeater between them so the 2nd router gets assigned an ip of 10.0.0.1. I question interference though with other devices inside the network like routers and repeaters. There may be something that I am overlooking but I can't get into those settings on either router or repeater except by ethernet. I still have internet access though on both router's wifi guest accounts but I can't login to the repeater's wifi. It's still repeating the signal from the TP-LINK Router (with the 2nd router's RJ-45 Internet port conected into the repeater) but you can't login to the repeater's wifi ssid. If you can't login it then you can't modify firmware either. All 3 have wireless mac filters to only allow our known devices.
The released documents regarding cia cherry blossom didn't list any TP-Link Routers as vulnerable but I am telling you if the firmware can be flashed or upgraded via wifi they are vulnerable. This would be the 1st base to cover. Worthy of an option on the firmware page □Disable wireless upgrading
Re:Archer C1900 SECURITY CONCERN (Disable wireless access to router settings)
ok I know for a fact it does have this option.
untested regarding access to the router's internal settings with ap isolation enabled. If they are still able to communicate with the router this may not resolve the issue.