WRVS4400N multi-SSID with multi-VLAN IPv6 security hole!

Hello all,

Since Cisco has now known about this issue for 3 weeks, and has failed to correct it, I thought I would post it here to warn everybody.


I set up my router (WRVS4400N v2 with latest version 2.0.0.8 firmware) with the intention to create one SSID with tight security that has access to the servers on my LAN, and another SSID for public access that has access to internet only. I configured the device with IPV6 TURNED OFF, with all the proper SSID and VLAN settings. Upon initial testing, the Public SSID appeared to function the way I wanted. I could access the internet, but was not able to access or even ping anything on my LAN. Then a co-worker with a new laptop running Windows 7 showed me that he was able to browse my LAN and access my Windows SBS 2008 Server when connected to the Public SSID. At first I thought "How can this be". Upon further inspection we discovered that his laptop running IPv4 and IPv6 was able to connect to my 2008 server also running IP4 and 6. Turns out, the VLAN is not filtering out IP6 traffic at all, only IP4 traffic! I created a support incident with Cisco. I sent them my config file. After a few days, they confirmed that they were able to duplicate the issue, and confirmed this is a flaw with the way their VLAN is handling IPv6 in relation to the multi-SSID function.


To my surprise, they responded back that mine was the only complaint they got regarding this, so the issue would just have to wait until the next regularly scheduled maintenance firmware release. There would be no raising of priority to resolve this serious security flaw.


I gave Cisco three weeks, now I am posting here to warn everybody.

mihagan Wed, 04/07/2010 - 21:45

Would you mind sending me a private message with your service request number so that I can take a look at the case that you logged with support?


Thank You

mihagan Wed, 04/07/2010 - 22:34

Mike,


I appreciate you passing your SR number to me. I looked over your case and found that cdets has been opened for this issue and it is being looked into. I assure you that this is not being ignored. I wish I could provide you with more information than that, but it is all I have at this time.

nealrfildes Sun, 04/11/2010 - 16:34

Does this apply to the RVS4000 as well? Its antenna-less sister?

nrf

nealrfildes Tue, 05/11/2010 - 16:01

I think your expectations of this company for this product line are way beyond their ability to achieve.

pomfret Tue, 04/13/2010 - 09:20

We're seeing a similar, but intermittent issue with a WRVS4400N v2.


We have VLAN1/wVLAN1 with SSID1 for the internal network, and VLAN2/wVLAN2 with SSID2 for public wireless.  The SSID2 wireless connection is unsecured.


Initial setup of 1 wired and 1 wireless client indicated isolation between the two VLAN/wVLAN connections as expected.  That is, wireless clients on SSID2 could not see the network connected to VLAN1/SSID1.


Thinking all was good, I disabled VLAN1's DHCP setting on the router (we run internal IPv4 DHCP/dns on Windows Server 08 r2), leaving VLAN2's DHCP enabled to service public connections.  As soon as I did this, clients connecting to SSID2 were randomly being handed off to the Windows DHCP Server on VLAN1 and happily accepting the provided network configuration of VLAN1, allowing them into our internal network without security checks as SSID2 is unsecured.


After poking through the router admin and hitting save a few times to confirm isolation settings, I'd say that SSID2 clients are connecting to VLAN1 at least 25% of the time.  If I remove the Windows DHCP Server from the network, this problem seems to stop.  Also, having the Windows DHCP Server enabled seems to override the router DHCP settings (if enabled) on VLAN1 for both wired and wireless clients (clients will pull DHCP from the Windows Server, not the router).


IPv6 is disabled on the router and not configured on the Windows DHCP Server.  Turning IPv6 on/off on the wireless clients doesn't seem to make much of a difference.  I just tested this by enabling IPV6 on the wireless adapter, connecting to SSID2 (public network) and receiving an IP address from VLAN1.  Immediately after I did ipconfig /release|renew on this client and confirmed the connection to SSID2, noting that the wireless adapter was reconfigured with the expected settings of VLAN2.


Is this the expected behavior of the WRVS4400N and/or somehow related to IPv6?


Brian
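
A defender-side check for the two leaks reported in this thread (IPv6 frames from internal hosts reaching the guest SSID, and guest clients being offered VLAN1 leases), added here as an example and not part of any post. The subnets, MAC addresses and frames are constructed assumptions; in practice the frames would come from a capture taken on a guest-SSID client.

```python
import ipaddress
import struct

GUEST_NET = ipaddress.ip_network("192.168.2.0/24")  # assumed VLAN2 subnet
INTERNAL_MACS = {"00:11:22:33:44:55"}  # assumed inventory of VLAN1 hosts

def audit_frame(frame):
    """Return a finding for one frame captured on the guest SSID, else None."""
    src = frame[6:12].hex(":")
    (etype,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if etype == 0x8100:  # 802.1Q tag present: real EtherType follows it
        (etype,) = struct.unpack("!H", frame[16:18])
        payload = frame[18:]
    if etype == 0x86DD and len(payload) >= 40 and src in INTERNAL_MACS:
        addr = ipaddress.IPv6Address(payload[8:24])  # IPv6 source address
        return f"IPv6 from internal host {src} ({addr}) seen on guest segment"
    if etype == 0x0800 and len(payload) >= 20 and payload[9] == 17:
        udp = payload[(payload[0] & 0x0F) * 4:]  # skip the IPv4 header
        if len(udp) >= 28 and struct.unpack("!H", udp[:2])[0] == 67:
            yiaddr = ipaddress.IPv4Address(udp[24:28])  # BOOTP yiaddr
            if int(yiaddr) and yiaddr not in GUEST_NET:
                return f"DHCP server {src} offered {yiaddr}, outside {GUEST_NET}"
    return None

def eth(dst, src, etype, payload):
    """Build an Ethernet II frame from colon-separated MAC strings."""
    return bytes.fromhex((dst + src).replace(":", "")) + struct.pack("!H", etype) + payload

def dhcp_reply(server_ip, yiaddr):
    """Constructed IPv4/UDP/BOOTP reply, truncated after the yiaddr field."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 48, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(server_ip).packed, b"\xff" * 4)
    bootp = struct.pack("!BBBBIHH4s4s", 2, 1, 6, 0, 0x1234, 0, 0, b"\0" * 4,
                        ipaddress.IPv4Address(yiaddr).packed)
    return ip + struct.pack("!HHHH", 67, 68, 28, 0) + bootp

def sample_frames():
    """Constructed capture: one leaked IPv6 frame, one good and one bad lease."""
    server, router, client = "00:11:22:33:44:55", "00:aa:bb:cc:dd:01", "02:00:00:00:00:99"
    v6 = (struct.pack("!IHBB", 0x60000000, 0, 59, 64)
          + ipaddress.IPv6Address("fe80::211:22ff:fe33:4455").packed
          + ipaddress.IPv6Address("ff02::1").packed)
    return [eth("33:33:00:00:00:01", server, 0x86DD, v6),
            eth(client, router, 0x0800, dhcp_reply("192.168.2.1", "192.168.2.100")),
            eth(client, server, 0x0800, dhcp_reply("192.168.1.10", "192.168.1.57"))]

def audit(frames):
    """Run audit_frame over a capture and keep only the findings."""
    return [f for f in map(audit_frame, frames) if f]

if __name__ == "__main__":
    print("\n".join(audit(sample_frames())))
```

An IPv4-only reachability test (ping, browsing by IPv4 address) would pass on this capture's first frame, which is why the check looks at EtherType 0x86DD separately.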

jeffschott Wed, 02/16/2011 - 12:16

Has anyone had any success with this issue? I have made multiple calls and they confirm the problem via remote logon from support, and to me on the phone, but I never have any follow-up messages except "SERVICE REQUEST  CLOSED".

This is a major security hole that needs to be fixed fast!
