Skip to main content

This network device vendor made one terrible blunder

TP-Link Talon AD2700
Image used with permission by copyright holder
Networking equipment vendor TP-Link has reportedly “forgotten” to renew two domains that are used to access the administrative panels of its devices. Typically, domain names are easier to remember for customers versus numeric IP addresses — but TP-Link’s mistake shows how they can lead to problems.

Cybermoon CEO Amitay Dan said on Friday that TP-Link lost control of its tplinklogin.net domain because it forgot to renew the address. Rather than forking out money to regain the domain from an external company that happened to scoop up the address, TP-Link instead decided to update its online manuals by removing the domain name references altogether.

Recommended Videos

“The logic behind using [a] domain in the first place, instead of an IP address, is the main problem here,” Dan said in a blog. “Forgetting to buy the domain is the second mistake. While checking how many users are trying to use it, I’ve realized that’s this is effecting plenty of people. My advice is to block the domain by the ISP.”

Please enable Javascript to view this content

Computerworld followed up with a report stating that another TP-Link domain that is typically used with its Wi-Fi extenders, tplinkextender.net, is now owned by an anonymous entity that will gladly sell the address. The owner of the other domain, tplinklogin.net, has a For Sale sign posted as well. Thankfully, both domains reportedly don’t connect to a TP-Link device.

Customers who own a TP-Link router or extender, and enter the provided domain address in their browser, should still pull up the control panel instead of the domain’s sell page. To verify this, Computerworld did a factory reset of TP-Link’s TL-WR841N router, and then entered the tplinklogin.net address into a browser while the router remained offline. This brought up the internal administrative website, which also loaded up when the domain was entered into the browser once the router was physically connected to the Internet.

The big security issue here regarding the two uncontrolled domains is that when TP-Link customers use the tplinklogin.net domain to access TP-Link devices other than routers (like an extender), it will pull up a public Internet web page instead of the internal logon page. Currently, that address leads to a page provided by Sedo’s Domain Parking service, but could play host to a malicious site in the future.

“If cybercriminals get their hands on this router configuration domain, it could become a significant tool for malware distribution using simple instructions, for example, to ‘download new firmware to your router,’” said Lior Kohavi, CTO at CYREN. “There is also the possibility it could be used for phishing. After all, this is a domain that receives a large number of visitors each day, as users are actually instructed to visit the site. It’s this large number of ‘natural’ and trusting visitors that makes this domain so potentially valuable to criminals.”

Ultimately, the ideal setting would be to write down or memorize the actual device IP address. Another option would be to get a router that cannot be configured, such as the OnHub router from Google and similar “closed” devices. These offer nearly no options to adjust, and are accessible through a mobile app.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Your Netgear router might be an open door for hackers
The Netgear Nighthawk XR1000v2 router placed on a desk next to its packaging box

Netgear has released a security advisory addressing two critical vulnerabilities affecting Nighthawk Pro Gaming routers and certain Wi-Fi 6 access points. The company strongly recommends that users update their devices' firmware promptly to mitigate potential risks.

The first vulnerability, identified as PSV-2023-0039, is a Remote Code Execution (RCE) flaw. This security issue allows attackers to execute arbitrary code on affected devices remotely, potentially leading to unauthorized control over the router. The second vulnerability, PSV-2021-0017, is an authentication bypass flaw, which enables attackers to circumvent authentication mechanisms and gain unauthorized access to the device's management interface.

Read more
Turns out, it’s not that hard to do what OpenAI does for less
OpenAI's new typeface OpenAI Sans

Even as OpenAI continues clinging to its assertion that the only path to AGI lies through massive financial and energy expenditures, independent researchers are leveraging open-source technologies to match the performance of its most powerful models -- and do so at a fraction of the price.

Last Friday, a unified team from Stanford University and the University of Washington announced that they had trained a math and coding-focused large language model that performs as well as OpenAI's o1 and DeepSeek's R1 reasoning models. It cost just $50 in cloud compute credits to build. The team reportedly used an off-the-shelf base model, then distilled Google's Gemini 2.0 Flash Thinking Experimental model into it. The process of distilling AIs involves pulling the relevant information to complete a specific task from a larger AI model and transferring it to a smaller one.

Read more
New MediaTek Chromebook benchmark surfaces with impressive speed
Asus Chromebook CX14

Many SoCs are being prepared for upcoming 2025 devices, and a recent benchmark suggests that a MediaTek chipset could make Chromebooks as fast as they have ever been this year.

Referencing the GeekBench benchmark, ChromeUnboxed discovered the latest scores of the MediaTek MT8196 chip, which has been reported on for some time now. With the chip being housed on the motherboard codenamed ‘Navi,’ the benchmark shows the chip excelling in single-core and multi-core benchmarks, as well as in GPU, NPU, and some other tests run.

Read more