I have exactly the same issue. Was running Firmware version 1.01.27 and updated to what appears to be the most recent Firmware Version 1.01.29 (002) Mar 29 2013, yet still have the same issue. Configuring and enabling one SSID, it is fine, WPA2 security is enabled. Can configure the second SSID, and leave it disabled, and the first is ok. However, as soon as the second SSID is enabled, both remain enabled, however no pass phase required to access either of them. This would appear to be a significant vulnerability. People could enable a second, or more SSIDs, and not realise there is no security on all the enabled SSIDs, not requiring any pass phrase.
... View more