I set my Opal as a repeater and after using a network analyzer I noticed the Opal’s network has WPS enabled, which is a huge security risk, I can’t see an option on OpenWRT to disable it and also I tried to connect to the router using SSH and I wasn’t able to do anything, I thought I would be able to delete the WPS files but on the path /etc/rc.button/wps I can’t see anything
I even did a factory reset and WPS is still enabled by default, that’s what it looks like at least
What can I do to disable it?
I scanned the network using an analyzer and it shows WPS is enabled, even on Linux I tried a penetration test (with no success) but it shows WPS is enabled. The weird thing is that I tried to push the button on my router to connect via WPS and it didn’t work, what could be happening here?
So is not a risk to leave it like that, thank you. When I pushed the button the WPS didn’t work on an old android phone but the fact the light was blinking made me think otherwise, I tried a lot of times and I was not able to connect using WPS
You’re fine. There’s still no hostapd-utils installed on your Opal so even if an interface was configured it would never get anywhere.
It looks like GL was going to provide the WPS feature on the Opal (hence the rpc & json calls) but didn’t complete it/killed it for the vulnerability it is.