Skip to main content

This network device vendor made one terrible blunder

Networking equipment vendor TP-Link has reportedly “forgotten” to renew two domains that are used to access the administrative panels of its devices. Typically, domain names are easier to remember for customers versus numeric IP addresses — but TP-Link’s mistake shows how they can lead to problems.

Cybermoon CEO Amitay Dan said on Friday that TP-Link lost control of its tplinklogin.net domain because it forgot to renew the address. Rather than forking out money to regain the domain from an external company that happened to scoop up the address, TP-Link instead decided to update its online manuals by removing the domain name references altogether.

Recommended Videos

“The logic behind using [a] domain in the first place, instead of an IP address, is the main problem here,” Dan said in a blog. “Forgetting to buy the domain is the second mistake. While checking how many users are trying to use it, I’ve realized that’s this is effecting plenty of people. My advice is to block the domain by the ISP.”

Computerworld followed up with a report stating that another TP-Link domain that is typically used with its Wi-Fi extenders, tplinkextender.net, is now owned by an anonymous entity that will gladly sell the address. The owner of the other domain, tplinklogin.net, has a For Sale sign posted as well. Thankfully, both domains reportedly don’t connect to a TP-Link device.

Customers who own a TP-Link router or extender, and enter the provided domain address in their browser, should still pull up the control panel instead of the domain’s sell page. To verify this, Computerworld did a factory reset of TP-Link’s TL-WR841N router, and then entered the tplinklogin.net address into a browser while the router remained offline. This brought up the internal administrative website, which also loaded up when the domain was entered into the browser once the router was physically connected to the Internet.

The big security issue here regarding the two uncontrolled domains is that when TP-Link customers use the tplinklogin.net domain to access TP-Link devices other than routers (like an extender), it will pull up a public Internet web page instead of the internal logon page. Currently, that address leads to a page provided by Sedo’s Domain Parking service, but could play host to a malicious site in the future.

“If cybercriminals get their hands on this router configuration domain, it could become a significant tool for malware distribution using simple instructions, for example, to ‘download new firmware to your router,’” said Lior Kohavi, CTO at CYREN. “There is also the possibility it could be used for phishing. After all, this is a domain that receives a large number of visitors each day, as users are actually instructed to visit the site. It’s this large number of ‘natural’ and trusting visitors that makes this domain so potentially valuable to criminals.”

Ultimately, the ideal setting would be to write down or memorize the actual device IP address. Another option would be to get a router that cannot be configured, such as the OnHub router from Google and similar “closed” devices. These offer nearly no options to adjust, and are accessible through a mobile app.

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
An elegant Mac app has turned my basic tasks into a whole lot of fun
Who knew switching between apps could be so much easier and elegant?
Employing the Dory app switcher on a MacBook Air

The concept of an app switcher tool is rather odd. After all, why would you need a tool for jumping between apps, when the Command+Tab shortcut works just fine and the three-finger swipe opens the Mission Control on the Mac? Well, there are solutions that work better. 

Second, when you bring the mouse and keyboard combo into the picture, the fluid convenience of the trackpad gesture flies out the window. Over the years, the developer community has produced some real app switcher gems. 

Read more
Upgrade to the Alienware 18 Area-51 gaming laptop with RTX 5070 Ti — $500 off!
The Alienware 18 Area-51 Gaming Laptop on a white background.

You should be ready to spend a lot if you want a powerful gaming laptop, but you should also be on the lookout for potential savings. Now's a great time to check out Alienware deals because of Dell's Black Friday in July sale, which includes a fantastic offer for the Alienware 18 Area-51 gaming laptop. This configuration with the Nvidia GeForce RTX 5070 Ti graphics card is down from $3,300 to $2,800, which is still expensive, but you wouldn't want to miss this chance at $500 in savings. You have to hurry though, as stocks may run out at any moment!

Buy Now

Read more
Save $100 on our pick for the best printer
HP includes full ink bottles with the Smart Tank 7602.

What do we need to print these days? Tax forms, student essays, and clearly-legible letters? Not so much. Bright invites, pictures, and presentation accompaniments? Yes, yes, and yes! In today's world, the typical person's needs in an inkjet printer are far different than the last time you were likely to have bought a printer. And the industry is catching up. Right now, our pick for the overall best printer of 2025 is $100 off as part of early Prime Day deals. That makes the $450 printer just $350 if you buy now. Plus, it comes with two years of HP's ink included. So, tap the button below to go check out the HP Smart Tank 7602 for yourself or keep reading to see what we like about it and what we found out during our review.

BUY NOW

Read more