Author Topic: WS2910 Share too many information on local network  (Read 1155 times)

0 Members and 1 Guest are viewing this topic.

Offline V1c3

  • Member
  • *
  • Posts: 5
WS2910 Share too many information on local network
« on: November 03, 2022, 03:39:40 PM »
Hello guys,

I just installed a WS2910 Weather Station and noticed that the EasyWeatherPro_V5.1.0 software used to connect the device to the local network
publish on the same network a page to see all the settings and maybe modify them, do you know if it possible disable this feature ?
 [ You are not allowed to view attachments ]

Offline Gyvate

  • Forecaster
  • *****
  • Posts: 3298
Re: WS2910 Share too many information on local network
« Reply #1 on: November 03, 2022, 06:10:12 PM »
as far as I know you cannot switch that off.
The old EasyWeather 1.6.4 WiFi firmware allows the same via the WS View Plus app.
I guess that EasyWeatherPro can also update OTA (over the air) from via Web(server) interface.
On the other hand, all wireless devices in your local network will need to have the SSID and the router password to get connected...
And - you have to connect to your console in order to configure the posting to weather networks and a custom address ...
I guess what you are looking for is that the access shouldn't be open but (optionally) password protected.
We can suggest that to Ecowitt - but consequently that should then also apply to the WS View Plus app.
A password protected login is already the available for the GW1100 and GW2000 WebUIs whereas the access via WS View app is open.
WS2350 1.6.7, GW1000(3) 1.7.7,WH2650 WiFi (2) 1.7.7 (test/backup), GW1100 2.3.1, GW2000(3) 3.1.1, HP2551 1.9.5,5.1.5;HP3500 1.7.2,WS3800 1.2.8, WN1910 1.2.3,WN1980 1.2.3;
Ecowitt WS90(2)1.3.5/1.4.0, WS80(2)1.2.5, WS68, WS69, WH40, WH31, WH31-EP, WN30, WN34L, WN35, WH32, WH32-EP, WH32B, WH57 [Lightning], WH41 [PM2.5], WH51, WH45, WH55
MeteobridgePro(2)[test,prod] 5.8 Mar 01 2024, 15185 - Blake-Larsen Sun Recorder - RPi4/weewx 4.8.0/4.10.2/CumulusMX 3283/Meteobridge RPi4B-2GB(3169)
Barani Meteoshield Pro, MetSpec Rad02 - Ecowitt 5763,34418;WU ISAARB3(WH4000SE),ISAARB22(HP2553), http://meshka.eu

Offline V1c3

  • Member
  • *
  • Posts: 5
Re: WS2910 Share too many information on local network
« Reply #2 on: November 03, 2022, 07:02:41 PM »
Yes, I'm looking for a way to prevent display of all these information in clear.
Is true that only an internal user could see it but still is a severe hole in the security, they could at least password protect the page and use https.
The worst thing of the page is to show WiFi password in clear, is not needed at all and put all your local network under risk.
Can you please point me on how to suggest that to Ecowitt ?

Best,
A. 
 

Offline Gyvate

  • Forecaster
  • *****
  • Posts: 3298
Re: WS2910 Share too many information on local network
« Reply #3 on: November 17, 2022, 03:02:58 AM »
does your WebUI have a section (maybe "Device Settings") which shows the following option:
 [ You are not allowed to view attachments ]   ??
With this you can restrict the access to the WebUI - also inside the local network.
WS2350 1.6.7, GW1000(3) 1.7.7,WH2650 WiFi (2) 1.7.7 (test/backup), GW1100 2.3.1, GW2000(3) 3.1.1, HP2551 1.9.5,5.1.5;HP3500 1.7.2,WS3800 1.2.8, WN1910 1.2.3,WN1980 1.2.3;
Ecowitt WS90(2)1.3.5/1.4.0, WS80(2)1.2.5, WS68, WS69, WH40, WH31, WH31-EP, WN30, WN34L, WN35, WH32, WH32-EP, WH32B, WH57 [Lightning], WH41 [PM2.5], WH51, WH45, WH55
MeteobridgePro(2)[test,prod] 5.8 Mar 01 2024, 15185 - Blake-Larsen Sun Recorder - RPi4/weewx 4.8.0/4.10.2/CumulusMX 3283/Meteobridge RPi4B-2GB(3169)
Barani Meteoshield Pro, MetSpec Rad02 - Ecowitt 5763,34418;WU ISAARB3(WH4000SE),ISAARB22(HP2553), http://meshka.eu

Offline V1c3

  • Member
  • *
  • Posts: 5
Re: WS2910 Share too many information on local network
« Reply #4 on: November 17, 2022, 12:00:28 PM »
no, I don't see that section or similar, the page isn't password protected  ](*,), what version do you have ?

Offline kheller2

  • Forecaster
  • *****
  • Posts: 518
Re: WS2910 Share too many information on local network
« Reply #5 on: November 17, 2022, 11:07:40 PM »
Since when did the ws2910 have a web interface? 
Ambient Consoles: WS-2000, WS-1900, WS-1200, WS-2902C, WS-3000-X3, WS-0900-IP(observerIP), WS-1001-WIFI
Ambient Arrays: WH65B
Ambient Sensors: WH31E(3), WH31B(2), WH32B, WH31SM(2), WH31PGW, AQIN, WH31LA(3)
Ambient Spares: WH24B(2), WH25B.
Ecowitt: HP2551BU, GW1000B(dead), GW1100B(2), GW2000B
Ecowitt Sensors: WH51, WN34BL, WN34(2), WH31, WH41, WH40

Offline Gyvate

  • Forecaster
  • *****
  • Posts: 3298
Re: WS2910 Share too many information on local network
« Reply #6 on: November 18, 2022, 03:06:28 AM »
As far as I know the new models are produced with a different WiFi modem like it is also the case for the HP2551 and HP2560 consoles.

In order to handle this new WiFi modem (see MUST READ thread) a different WiFi firmware is needed: EasyWeatherPro (latest version 5.1.0).
Its interface can also be reached via browser (=WebUI). These are the pictures posted earlier.
Ecowitt are working on a unified EasyWeatherPro 5.x.y version which covers consoles with the old and new WiFi modem.

It looks as if this new WebUI could be improved by making the access also password protected as it is the case for the GW1100/GW2000 WebUIs.
WS2350 1.6.7, GW1000(3) 1.7.7,WH2650 WiFi (2) 1.7.7 (test/backup), GW1100 2.3.1, GW2000(3) 3.1.1, HP2551 1.9.5,5.1.5;HP3500 1.7.2,WS3800 1.2.8, WN1910 1.2.3,WN1980 1.2.3;
Ecowitt WS90(2)1.3.5/1.4.0, WS80(2)1.2.5, WS68, WS69, WH40, WH31, WH31-EP, WN30, WN34L, WN35, WH32, WH32-EP, WH32B, WH57 [Lightning], WH41 [PM2.5], WH51, WH45, WH55
MeteobridgePro(2)[test,prod] 5.8 Mar 01 2024, 15185 - Blake-Larsen Sun Recorder - RPi4/weewx 4.8.0/4.10.2/CumulusMX 3283/Meteobridge RPi4B-2GB(3169)
Barani Meteoshield Pro, MetSpec Rad02 - Ecowitt 5763,34418;WU ISAARB3(WH4000SE),ISAARB22(HP2553), http://meshka.eu

Offline Gyvate

  • Forecaster
  • *****
  • Posts: 3298
Re: WS2910 Share too many information on local network
« Reply #7 on: November 18, 2022, 03:15:37 AM »
I have contacted Ecowitt and asked to implement an optional password protection of the EasyWeatherPro WebUI in a future firmware upgrade as it is already the case for the GW1100/GW2000 WebUIs.
This concerns all recently manufactured console models with the new WiFi modem:
WS2320E, WS2910, HP2551, HP2560
WS2350 1.6.7, GW1000(3) 1.7.7,WH2650 WiFi (2) 1.7.7 (test/backup), GW1100 2.3.1, GW2000(3) 3.1.1, HP2551 1.9.5,5.1.5;HP3500 1.7.2,WS3800 1.2.8, WN1910 1.2.3,WN1980 1.2.3;
Ecowitt WS90(2)1.3.5/1.4.0, WS80(2)1.2.5, WS68, WS69, WH40, WH31, WH31-EP, WN30, WN34L, WN35, WH32, WH32-EP, WH32B, WH57 [Lightning], WH41 [PM2.5], WH51, WH45, WH55
MeteobridgePro(2)[test,prod] 5.8 Mar 01 2024, 15185 - Blake-Larsen Sun Recorder - RPi4/weewx 4.8.0/4.10.2/CumulusMX 3283/Meteobridge RPi4B-2GB(3169)
Barani Meteoshield Pro, MetSpec Rad02 - Ecowitt 5763,34418;WU ISAARB3(WH4000SE),ISAARB22(HP2553), http://meshka.eu

Offline V1c3

  • Member
  • *
  • Posts: 5
Re: WS2910 Share too many information on local network
« Reply #8 on: November 18, 2022, 06:29:03 AM »
Thanks alot, any site we can monitor to see Ecowitt firmare updates ?

Offline Gyvate

  • Forecaster
  • *****
  • Posts: 3298
Re: WS2910 Share too many information on local network
« Reply #9 on: November 18, 2022, 09:11:24 AM »
read our "MUST READ" thread regularly  :grin: 8-)
https://www.wxforum.net/index.php?topic=40730.0
It's updated as soon as firmware upgrades are released
WS2350 1.6.7, GW1000(3) 1.7.7,WH2650 WiFi (2) 1.7.7 (test/backup), GW1100 2.3.1, GW2000(3) 3.1.1, HP2551 1.9.5,5.1.5;HP3500 1.7.2,WS3800 1.2.8, WN1910 1.2.3,WN1980 1.2.3;
Ecowitt WS90(2)1.3.5/1.4.0, WS80(2)1.2.5, WS68, WS69, WH40, WH31, WH31-EP, WN30, WN34L, WN35, WH32, WH32-EP, WH32B, WH57 [Lightning], WH41 [PM2.5], WH51, WH45, WH55
MeteobridgePro(2)[test,prod] 5.8 Mar 01 2024, 15185 - Blake-Larsen Sun Recorder - RPi4/weewx 4.8.0/4.10.2/CumulusMX 3283/Meteobridge RPi4B-2GB(3169)
Barani Meteoshield Pro, MetSpec Rad02 - Ecowitt 5763,34418;WU ISAARB3(WH4000SE),ISAARB22(HP2553), http://meshka.eu

Offline kheller2

  • Forecaster
  • *****
  • Posts: 518
Re: WS2910 Share too many information on local network
« Reply #10 on: November 18, 2022, 06:51:36 PM »
Thank for the info.  I didn’t know ecowitt was upgrading the older consoles with newer Wi-Fi, I thought it was just their new unit.
Ambient Consoles: WS-2000, WS-1900, WS-1200, WS-2902C, WS-3000-X3, WS-0900-IP(observerIP), WS-1001-WIFI
Ambient Arrays: WH65B
Ambient Sensors: WH31E(3), WH31B(2), WH32B, WH31SM(2), WH31PGW, AQIN, WH31LA(3)
Ambient Spares: WH24B(2), WH25B.
Ecowitt: HP2551BU, GW1000B(dead), GW1100B(2), GW2000B
Ecowitt Sensors: WH51, WN34BL, WN34(2), WH31, WH41, WH40

Offline V1c3

  • Member
  • *
  • Posts: 5
Re: WS2910 Share too many information on local network
« Reply #11 on: February 07, 2023, 08:11:13 AM »
Hello guys,

FYI with firmware release 5.1.1 problem was fixed, now the LAN http page is password protected.
Initail account is admin, no password. Once logged you can change the password ( and I strongly suggest to do it ).
Thank Gyvate!