Security News TP-Link routers exposed to potential security flaw

BoraMurdar


Over the years, manufacturers have made various efforts towards making router configuration a simple and straightforward process for everyone. While with some routers you can still log in via SSH and change the configuration to your heart's content, most people tend to rely upon the graphical user interface.

A more recent "innovation" has been to assign a domain name to access the router rather than relying upon users to remember an IP address. In the case of Netgear, the domain name associated with their routers is currently routerlogin.net while, for TP-Link, tplinklogin.net is the domain name of choice.

However, according to the domain whois records, it appears that someone at TP-Link forgot to renew the registration for tplinklogin.net towards the end of May this year.


Unfortunately, for owners of TP-Link routers, this means that when they attempt to access their routers using tplinklogin.net they will be directed somewhere other than the router login page. At the time of writing, the address redirects to a page indicating that the domain name "may be for sale." A subsequent click redirects to a page on Above.com, an Australian-based domain parking broker, which is accepting offers on the domain.

However, should an attacker obtain the domain name, they could redirect it to a webpage which could attempt to load malware onto a system. Given that TP-Link is not a minor manufacturer, this could have dire consequences for their customers.

In a post on SecLists.org, Cybermoon CEO Amitay Dan wrote that:

As for now, the company decided to make minor fixes. Yet - they don't like to buy the domain from the unknown seller, for now.

Also, according to a tweet from Dan, these "minor fixes" merely involve changing the user manuals rather than attempting to regain control of the lost domain name. Unfortunately, TP-Link stopped communicating with Dan sometime after having brought the issue to their attention.

In the meantime, it would be best to avoid accessing these routers using the tplinklogin.net address. Otherwise, Dan has recommended that ISPs block the domain name in order to prevent customer computers from being hijacked.
Via Neowin
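
A defensive check for the situation described above, added here as an example and not part of the original post or the Neowin article: it resolves the router login names the article mentions and reports whether the answers are LAN addresses or external ones, the latter meaning the query reached public DNS where the lapsed registration applies. The function names, the choice of RFC 1918, link-local and unique-local ranges as "local", and the assumption that a router answers its login name with its own LAN address are this example's, not the page's.

```python
import ipaddress
import socket

# Login hostnames named in the article.
ROUTER_NAMES = ("tplinklogin.net", "routerlogin.net")

# Ranges treated as "on the LAN" (assumption of this example).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "169.254.0.0/16", "fe80::/10", "fc00::/7",        # link-local, unique-local
)]


def classify(addresses):
    """Return 'local', 'external' or 'unresolved' for a list of IP strings.

    One external answer is enough to flag the name: the browser may pick it.
    """
    if not addresses:
        return "unresolved"
    for text in addresses:
        ip = ipaddress.ip_address(text.split("%")[0])  # drop IPv6 scope id
        if not any(ip in net for net in LAN_NETS):
            return "external"
    return "local"


def resolve(name):
    """Resolve a hostname with the system resolver; empty list on failure."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def report(name, addresses):
    """Build a one-line verdict for a hostname and its resolved addresses."""
    verdict = classify(addresses)
    advice = {
        "local": "answered with a LAN address",
        "external": "resolves outside the LAN; use the router's IP address",
        "unresolved": "no answer (blocked or not registered)",
    }[verdict]
    return f"{name}: {', '.join(addresses) or '-'} -> {advice}"


if __name__ == "__main__":
    for hostname in ROUTER_NAMES:
        print(report(hostname, resolve(hostname)))
```

An "unresolved" result is what a client behind an ISP or local resolver that blocks the name, as Dan recommends, would be expected to see.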
 
