Tenda Nova MW6 Weak Wi-Fi Security on Secondary Node

I have a Tenda MW6 set with two nodes, ethernet backhaul. It runs great, but iOS 14 gave me the notification of shame. Weak security. But this only happens when connected to the secondary node. When connected to the primary node the warning is not there.

Running

/System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s

from my MacBook yields the following:

(Primary)
SSID B:S:S:I:D -56 6,-1 Y -- WPA2(PSK/AES/AES)
SSID B:S:S:I:D -56 40 Y US WPA2(PSK/AES/AES)

(Secondary)
SSID B:S:S:I:D -49 6,-1 Y -- WPA(PSK/TKIP,AES/TKIP) WPA2(PSK,FT-PSK/TKIP,AES/TKIP)
SSID B:S:S:I:D -37 40 Y US WPA(PSK/TKIP,AES/TKIP) WPA2(PSK,FT-PSK/TKIP,AES/TKIP)

So indeed the secondary node is accepting WPA1 and TKIP as well as WPA2 AES but the primary node only takes WPA2 AES.

Following the research done at https://github.com/latonita/tenda-reverse I managed to telnet as root into each node (press and hold reset for 3 seconds to open port 23, root password is the base64 of your wifi password) and dump all the internal settings and there's little that varies between them. I tried changing the following settings which differed but it did not help:

wl2g.public.dot11r=0
wl2g.public.dot11v=0
wl5g.public.dot11r=0
wl5g.public.dot11v=0
wlan.fastroam.enable=0

Can anyone else with MW6s please check the Wi-Fi security settings for each of your nodes and report back if your experience is the same as mine? And of course if you know how to fix this issue that would be even better.

(It is known the older Tenda MW3 only supports WPA2 TKIP)
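
An added example, not part of the original post: a Python parser for scan lines in the format quoted above that lists which BSSIDs advertise WPA1 or TKIP and which SSIDs have nodes that disagree. It assumes the security column reads PROTO(auth/unicast/group); the BSSIDs, function names and labels are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the post's scan; BSSIDs are placeholder values.
SAMPLE_SCAN = """\
MYSSID 00:00:5e:00:53:01 -56 6,-1 Y -- WPA2(PSK/AES/AES)
MYSSID 00:00:5e:00:53:02 -56 40 Y US WPA2(PSK/AES/AES)
MYSSID 00:00:5e:00:53:11 -49 6,-1 Y -- WPA(PSK/TKIP,AES/TKIP) WPA2(PSK,FT-PSK/TKIP,AES/TKIP)
MYSSID 00:00:5e:00:53:12 -37 40 Y US WPA(PSK/TKIP,AES/TKIP) WPA2(PSK,FT-PSK/TKIP,AES/TKIP)
"""

BSSID_RE = re.compile(r"\s((?:[0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2})\s")
# Assumed field layout: PROTO(auth/unicast/group), comma-separated inside each part.
SUITE_RE = re.compile(r"([A-Z][A-Z0-9]*)\(([^/()]*)/([^/()]*)/([^/()]*)\)")

def parse_scan(text):
    """Return [(ssid, bssid, [(proto, auth, unicast, group), ...]), ...]."""
    aps = []
    for line in text.splitlines():
        m = BSSID_RE.search(line)
        if not m:
            continue  # header or blank line
        suites = [(p, a.split(","), u.split(","), g.split(","))
                  for p, a, u, g in SUITE_RE.findall(line[m.end():])]
        aps.append((line[:m.start()].strip(), m.group(1).lower(), suites))
    return aps

def weaknesses(suites):
    """Legacy options one BSSID advertises: WPA1 and TKIP in either cipher slot."""
    found = set()
    for proto, _auth, unicast, group in suites:
        if proto == "WPA":
            found.add("WPA1 enabled")
        if "TKIP" in unicast:
            found.add("TKIP pairwise")
        if "TKIP" in group:
            found.add("TKIP group cipher")
    return sorted(found)

def audit(text):
    """Map ssid -> {bssid: [weaknesses]} for every access point in the scan."""
    report = defaultdict(dict)
    for ssid, bssid, suites in parse_scan(text):
        report[ssid][bssid] = weaknesses(suites)
    return dict(report)

def mixed_ssids(report):
    """SSIDs whose nodes disagree: some radios clean, others advertising legacy modes."""
    return sorted(s for s, n in report.items() if any(n.values()) and not all(n.values()))
```

Pass the saved scan text to audit() in place of SAMPLE_SCAN; an SSID returned by mixed_ssids() is the situation described in this post, where one node is WPA2/AES only and another still accepts WPA1/TKIP.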

Comments

  • -5

    Is this even in English?

    • +1

      No

    • +2

      You are in a computing sub forum…

  • Is the config being saved properly? When the device restarts are the settings retained? You could also try and reinstantiate the config via a Cron Job upon reboot.

    • Config is retained upon reboot

  • Related forum post on MW3 from earlier this month. Can you change the WPA algorithm from TKIP to AES?

    • You can't change anything related to security in the app except the password.
      The primary node definitely does WPA2 AES only.

      In the internal settings, this is everything listed that relates to wireless security and they are the same between the nodes:

      wl2g.ssid0.bss_auto_hide_ssid=1
      wl2g.ssid0.bss_maxassoc=48
      wl2g.ssid0.enable=1
      wl2g.ssid0.guest_enable=0
      wl2g.ssid0.hide=0
      wl2g.ssid0.key_uptime=0
      wl2g.ssid0.maclist1=
      wl2g.ssid0.maclist_num=0
      wl2g.ssid0.macmode=deny
      wl2g.ssid0.pretype=long
      wl2g.ssid0.radius_ip=
      wl2g.ssid0.radius_key=
      wl2g.ssid0.radius_port=1812
      wl2g.ssid0.radius_time=0
      wl2g.ssid0.security=wpapsk
      wl2g.ssid0.ssid=MYSSID
      wl2g.ssid0.ssid_encode=utf-8
      wl2g.ssid0.sta_isolate=0
      wl2g.ssid0.wep_key=1
      wl2g.ssid0.wep_key1=12345
      wl2g.ssid0.wep_key2=12345
      wl2g.ssid0.wep_key3=12345
      wl2g.ssid0.wep_key4=12345
      wl2g.ssid0.wep_type=open
      wl2g.ssid0.wmm=on
      wl2g.ssid0.wmm_apsd=off
      wl2g.ssid0.wpa_crypto=aes
      wl2g.ssid0.wpa_type=wpa
      wl2g.ssid0.wpapsk_crypto=aes
      wl2g.ssid0.wpapsk_psk=MYPASSWORD
      wl2g.ssid0.wpapsk_type=psk2
      wl2g.ssid0.wps_enable=1

      • This is from my router cfg which is a different brand to yours:
        aaa.2.wpa.1.pairwise=CCMP

        Maybe you could add

        wl2g.ssid0.pairwise=AES

        Edit: You should also disable WPS for security purposes.

        • The main confusing thing is that both nodes have the same parameters but act differently.
          pairwise doesn't appear at all in my configuration but I'll have a go at adding it.

          If you don't mind, could you dump your config in its entirety and PM me? Understandable if you don't want to.

          Indeed WPS should be disabled. There's a WPS PIN listed as well that I missed. Sounds like a backdoor.

          • +1

            @cooni:
            aaa.3.pmf.status=enabled
            aaa.3.pmf.mode=1
            aaa.3.ft.status=disabled
            aaa.3.country_beacon=disabled
            aaa.3.11k.status=disabled
            aaa.3.br.devname=br4
            aaa.3.devname=ra2
            aaa.3.driver=madwifi
            aaa.3.ssid=XXXXXXXXXXXXXXXXXXXXXXXXXX
            aaa.3.status=enabled
            aaa.3.verbose=2
            aaa.3.wpa=2
            aaa.3.eapol_version=2
            aaa.3.wpa.group_rekey=3600
            aaa.3.p2p=disabled
            aaa.3.p2p_cross_connect=disabled
            aaa.3.proxy_arp=disabled
            aaa.3.is_guest=true
            aaa.3.tdls_prohibit=disabled
            aaa.3.bss_transition=enabled
            aaa.3.id=XXXXXXXXXXXXXXXXXXXXXXXX
            aaa.3.wpa.key.1.mgmt=WPA-PSK
            aaa.3.wpa.psk=XXXXXXXXXXXXXXX
            aaa.3.wpa.1.pairwise=CCMP
            aaa.3.radius.macacl.status=disabled
            aaa.3.hide_ssid=false
            wireless.3.mode=master
            wireless.3.devname=ra2
            wireless.3.id=XXXXXXXXXXXXXXXXXXXXXXXXX
            wireless.3.status=enabled
            wireless.3.authmode=1
            wireless.3.l2_isolation=enabled
            wireless.3.is_guest=true
            wireless.3.security=none
            wireless.3.addmtikie=disabled
            wireless.3.ssid=XXXXXXXXXXXX
            wireless.3.hide_ssid=false
            wireless.3.mac_acl.status=enabled
            wireless.3.mac_acl.policy=deny
            wireless.3.wmm=enabled
            wireless.3.uapsd=enabled
            wireless.3.parent=ra0
            wireless.3.puren=0
            wireless.3.pureg=1
            wireless.3.usage=guest
            wireless.3.wds=disabled
            wireless.3.mcast.enhance=1
            wireless.3.autowds=disabled
            wireless.3.vport=disabled
            wireless.3.vwire=disabled
            wireless.3.schedule_enabled=disabled
            wireless.3.no2ghz_oui=enabled
            wireless.3.element_adopt=disabled
            wireless.3.mcastrate=auto
            wireless.3.bga_filter=enabled
            wireless.3.dtim_period=3
            wireless.3.minrate_data=6000
            wireless.3.beacon_rate=6000
            wireless.3.mgmt_rate=1000
            wireless.3.bcfilt.status=enabled
            wireless.3.bcfilt.1.status=enabled
            wireless.3.bcfilt.1.mac=XX:XX:XX:XX:XX:XX

  • There's a new firmware that specifically addresses this.
    V1.0.0.29(5834)

    • I've been on firmware v1.0.0.30(6807) for over a year, at least. I actually don't recall ever seeing another firmware update after the one when I first set them up.

      • On MW6?

        • Yeah. I have 3x MW6.

          • @dansblackcat: That’s odd. Maybe we have different hardware versions.

            • @cooni: I haven't seen any mention of different version or revisions but I guess it would have to be something like that.

              • @dansblackcat: https://deviwiki.com/wiki/Tenda_Mesh3_(Nova_MW6)

                https://deviwiki.com/wiki/Tenda_Mesh3-18_(Nova_MW6_2018)

  • Resurrecting an old post - cooni, does this mean iOS/iPhone still supports a router using TKIP??

    • TKIP no longer an option so no warning shown in iOS. The wifi part of the router is now considered safe.

      • Thanks. I was trying to understand the practical aspect of your post alongside the many "mw6 is unsafe" unqualified posts on this and other forums.

        • +1

          Yep it’s all good now
