I can confirm an intrusion from an unknown MAC address (identified as a Realtek device), which retrieved a new, valid IP from the DHCP pool and used the network for about 1 hour.
The network is WPA2: one each for 2.4 GHz and 5 GHz, with the same password. The 2.4 GHz network also includes a TP-Link extender that creates its own SSID, but with the same password. So a total of 3 networks with the same password.
This random password of over 40 characters was set less than 10 days ago. It's certainly random, with the recommended mix of uppercase and lowercase letters, numbers and symbols, generated by a reputable password manager. There are no proximal patterns that I can find or imagine, and no characters are repeated; I've made sure of that.
How is it possible that this network has been compromised so fast?
In theory, is it even possible to crack a 40-character random password IN 10 DAYS with fewer than a few hundred multi-GPU setups? I do not think anyone wants to "get me" that badly.
Is it possible to enter a network without knowing the password? A version of the KRACK attack or similar, targeting the router or perhaps the repeater?
Is it possible to perform a LOCAL attack similar to KRACK or BlueBorne on any of the 10 client devices where the intruder could have read the WiFi password from one of these clients and compromised the network?
In addition to (WPA2-PSK-CCMP) -TKIP, the extended network displays a security setting of (WPA-PSK-CCMP) -TKIP, while the original networks only have (WPA2-PSK-CCMP) -TKIP. Is this a potential security hole?
I know that this is a broad question, but I am dealing with a very real intrusion here. I would like to narrow down the possibilities and then refine the question based on community guidance.
Small addendum: The clients are a typical mix of Android, iOS, streaming sticks, Windows, Mac, printer. No other IoT or Linux. There are some Bluetooth accessories scattered around.