[Official Release] AiMesh Firmware v3.0.0.4.384.10007 for All Supported Products

[CootjeNL]

I can't announce any unrelated feature, sorry.

我從使用 Tapatalk 的 ASUS_Z012DA 發送

Is it really a feature or is it a bug?
Is it not ment to be that a guest network can be reached on all connected routers?

 

[Ronald Schwerer]

Is it really a feature or is it a bug?
Is it not ment to be that a guest network can be reached on all connected routers?

The "bug" has always been there in repeaters and APs. A major security hole in that anyone connected as Guest on those boxes has full LAN accessibility. They are doing us a favor by not allowing guest SSIDs to be propagated to nodes. So I consider this a feature since otherwise all of us who value network security would be forced to disable all Guest logins.

 

[Ivanv]

Hey guys, this thread has been really useful, thank you all for the contribution. I am new here and I am afraid of 'bricking' my router (not sure if this can be done like with phones). I got a bit lost in all this thread and have a simple question (sorry if it was already answered, I did not find anything).
My question is how to upgrade from 1.0.2.0 US to 1.0.2.0 US Aimesh on my (TM) RT-AC68U router. The router has already been updated to 3.0.0.4.384_20308 by connecting to the internet, however because I used the non-AiMesh CFE, AiMesh is not working for me at the moment (can not see the node when searching).
Do I just follow the bayareatechpro instruction over again, just this time choosing 1.0.2.0 US Aimesh CFE over the standard US? Will this still work considering that it is already running 1.0.2.0 US?
Thank you!

 

[dabears]

I am using an AC5300 as router and ac68Us as NODES, I am able to disable WPS on router but the WPS remains functional on NODE side . Is WPS still vulnerable?

 

[Quad80]

I am using an AC5300 as router and ac68Us as NODES, I am able to disable WPS on router but the WPS remains functional on NODE side . Is WPS still vulnerable?

Same thing on 20308. I have asked for clarification, but have not yet received.

 

[arthurlien]

Same thing on 20308. I have asked for clarification, but have not yet received.

Regarding the current design, you can't turn WPS off in Node. No matter which version you used.

我從使用 Tapatalk 的 ASUS_Z012DA 發送

 

[Quad80]

Regarding the current design, you can't turn WPS off in Node. No matter which version you used.

我從使用 Tapatalk 的 ASUS_Z012DA 發送

1) Does this mean the network is vulnerable to insecurities of WPS, even if off at the router?

2) If so, when will this be fixed? You just patched KRACK, and WPS vulnerabilities are much older.

 

[arthurlien]

1) Does this mean the network is vulnerable to insecurities of WPS, even if off at the router?

2) If so, when will this be fixed? You just patched KRACK, and WPS vulnerabilities are much older.

The KRACK fixed and WPS off are totally different thing.

我從使用 Tapatalk 的 ASUS_Z012DA 發送

 

[dabears]

1) Does this mean the network is vulnerable to insecurities of WPS, even if off at the router?

2) If so, when will this be fixed? You just patched KRACK, and WPS vulnerabilities are much older.

I can confirm that the WPS on node with router side off does function and assume since it functions it is vulnerable

The KRACK fixed and WPS off are totally different thing.

我從使用 Tapatalk 的 ASUS_Z012DA 發送[/QUO

The KRACK fixed and WPS off are totally different thing.

我從使用 Tapatalk 的 ASUS_Z012DA 發送

2 different things but equally as bad

 

[Quad80]

The KRACK fixed and WPS off are totally different thing.

我從使用 Tapatalk 的 ASUS_Z012DA 發送

I know they are. I was trying to point out that *if* the WPS vulnerability exists, that's kind of upsetting because it's such an old vulnerability.

Let me point blank ask you: if the router has WPS off, but the node has it on, is the network vulnerable to these old WPS vulnerabilities? If so, when will it be fixed? Because security is important, so we need to know and we deserve it being fixed.

 

[Quad80]

I can confirm that the WPS on node with router side off does function and assume since it functions it is vulnerable

Well that is upsetting. So the question to @arthurlien is, when will this be fixed?

 

[arthurlien]

Well that is upsetting. So the question to @arthurlien is, when will this be fixed?

There are two things shall be clarified.

1. Disabled WPS : it's mean the WPS functionality will not be effective any more.

2. KRACK Fixed : It's mean the patch to fixed KRACK security issues.

One is functionality, one is security fixed. That's what I said as totally different things.


我從使用 Tapatalk 的 ASUS_Z012DA 發送

 

[RandomName23]

Well that is upsetting. So the question to @arthurlien is, when will this be fixed?

You could try ssh into the node and setting it off in nvram.

nvram set wps_enable=0
nvram commit

Haven’t tried this yet myself so no idea if it works

 

[dabears]

There are two things shall be clarified.

1. Disabled WPS : it's mean the WPS functionality will not be effective any more.

2. KRACK Fixed : It's mean the patch to fixed KRACK security issues.

One is functionality, one is security fixed. That's what I said as totally different things.


我從使用 Tapatalk 的 ASUS_Z012DA 發送

OK you are right in the sense one is a function and one is a security but:
Krack vulnerability= ability to sniff packets on a single client and we agree it was fixed
WPS vulnerability = ability to sniff entire network NOT FIXED and left ON on node side
IN MY mind these are both security issues

 

[arthurlien]

OK you are right in the sense one is a function and one is a security but:
Krack vulnerability= ability to sniff packets on a single client and we agree it was fixed
WPS vulnerability = ability to sniff entire network NOT FIXED and left ON on node side
IN MY mind these are both security issues

"WPS on" is not meant it's working any time and any where.

我從使用 Tapatalk 的 ASUS_Z012DA 發送

 

[dabears]

You could try ssh into the node and setting it off in nvram.

nvram set wps_enable=0
nvram commit

Haven’t tried this yet myself so no idea if it works

"WPS on" is not meant it's working any time and any where.

我從使用 Tapatalk 的 ASUS_Z012DA 發送

I tried it and it works on node side

 

[arthurlien]

I tried it and it works on node side

It shall be work that triggered by you.

我從使用 Tapatalk 的 ASUS_Z012DA 發送

 

[Pentium0]

Has anyone with an RT-AC68U noticed that overclocking no longer works with this firmware? I tried setting clkfreq=1000,800; committing; and rebooting. Checking again "nvram get clkfreq" still gives 800,666.
This used to work. I wonder if now ASUS checks the model or something in CFE and sets it from the factory specs.

I didn't read through to see if this was answered, but the T-Mobile branded 68u's have been successfully CFE'd to be 68p's that have the clockspeed you mentioned, 1000,800. I have two that I successfully CFE'd to be 68p and they're working great so far. Aimesh works fine on them.

I assume that any "real" 68u could be CFE flashed to 68p by the same method, which would only be for the overclock benefit.

 

[dabears]

Ple

It shall be work that triggered by you.

我從使用 Tapatalk 的 ASUS_Z012DA 發送

""WPS on" is not meant it's working any time and any where."
clarify how WPS is working then are you saying that it can no longer be attacked because it is ON all the time on the NODE

 

[arthurlien]

Ple

""WPS on" is not meant it's working any time and any where."
clarify how WPS is working then are you saying that it can no longer be attacked because it is ON all the time on the NODE

You mean the Node is doing wps procedure all the time?

我從使用 Tapatalk 的 ASUS_Z012DA 發送