I'm experiencing a problem with my D-Link DIR-825 revB router with security disabled when connecting a device via Wi-Fi Protected Setup. The device is erroring out when processing the WPS M8 message, specifically on the "Network key" TLV attribute.
In the M8 message being sent from the router, it correctly includes the "Network key" type (0x1027) and has the length of zero (0x0000), which seems right since security is disabled. But then, instead of going straight to the next TLV attribute (since the length was set to 0) it includes one byte of extra data (value 0x2a) before continuing to the next TLV ("MAC Address", value 0x1020).
This seems to be a problem with the firmware of the DIR-825 router, and can be fairly easily verified by simply initiating a WPS session (seems to happen on both PBC and PIN modes) when the router is configured to have security disabled and sniffing the packets. I tried updating the firmware to the newest available version (2.03NA) but it seems to be having the same problem. I know using WPS when security is disabled might seem like a pretty wacky corner case, but I just thought I would bring this problem to someone's attention so it doesn't slip into any other products.
Author
Topic: WPS problem with security disabled (Read 3435 times)