WLAN
WPS Security
|
WLANWPS Security |
|
WPS ("WiFi Protected Setup") is available on most modern WiFi products, including those from DrayTek. WPS is a facility enabling you to set up your WiFi client's security (WPA passwords) more easily. WPS is enabled on most WiFi routers and access points by default, so even if you don't use it, please be aware of this information.
A security vulnerability (exploit) has been reported in the WPS protocol. WPS is an industry-wide standard so whilst most DrayTek products do not have the vulnerability, if you have a product from another manufacturer, please check with them on that product. The exploit enables a hacker to access your network, even with encryption enabled; this will enable access to your Internet connection and also computers/devices on your network.
If you do not intend using WPS, you should still ensure you are using up to date firmware (see below) or just disable the facility.
The vulnerability relates to access points / routers that support an 'Access Point pincode' connection method. Most DrayTek products do not use the 'AP PINcode' access method, instead using the alternative 'Push button' or 'Client Pincode' methods. These latter methods are not succeptible to the vulnerability.
If you do not use or have any need for WPS, you can just disable the WPS facility. WPS can be disabled via the [Wireless LAN] > [WPS] menu. WPS is not necessary to set up WPA/WPA2 encryption (which is always recommended).
When WPS is disabled on DrayTek products, it is properly inactive however there are reports of other manufacturer's product's WPS still being active even once apparently disabled, so do check on your own product if it's not a DrayTek.
The following tables indicates if the unit is affected by the vulnerability.
| Vulnerable to AP PINcode exploit | WPS 'properly' inactive if disabled | F/W | |
|---|---|---|---|
| Vigor 2130n | No* | Yes | 1.5.1.2* |
| Vigor 2710n | No* | Yes | 3.3.6.1* |
| Vigor 2750n | No | Yes | 1.5.1.2 |
| Vigor 2820n | No | Yes | 3.3.6 |
| Vigor 2830n | No | Yes | 3.3.6.1 |
| Vigor 2850n | No | Yes | 3.3.6.1 |
| Vigor AP-700 v1 | Yes | Yes | 1.1.5 (v1) |
| Vigor AP-700 v2 | No* | Yes | 1.0.3* (v2) |
| Vigor AP-800 | No* | Yes | 1.0.3.1* |
| *Units running earlier firmware should upgrade | |||
If you have an AP-700 or one of the other products listed above running old firmware, you can check if theproduct supports an AP PINcode (the vulnerable method) by looking the WPS menu: If it has a AP / router pin listed in the WPS setup menu then it supports the 'AP Pincode' method, allowing entering of the AP PINcode on the WiFi client's WPS setup page.
NOTICE : This document is © SEG Communications and may not be distributed without specific written consent. Information and products subject to change at any time without notice.