Skip to main content

This network device vendor made one terrible blunder

TP-Link Talon AD2700
Networking equipment vendor TP-Link has reportedly “forgotten” to renew two domains that are used to access the administrative panels of its devices. Typically, domain names are easier to remember for customers versus numeric IP addresses — but TP-Link’s mistake shows how they can lead to problems.

Cybermoon CEO Amitay Dan said on Friday that TP-Link lost control of its tplinklogin.net domain because it forgot to renew the address. Rather than forking out money to regain the domain from an external company that happened to scoop up the address, TP-Link instead decided to update its online manuals by removing the domain name references altogether.

“The logic behind using [a] domain in the first place, instead of an IP address, is the main problem here,” Dan said in a blog. “Forgetting to buy the domain is the second mistake. While checking how many users are trying to use it, I’ve realized that’s this is effecting plenty of people. My advice is to block the domain by the ISP.”

Computerworld followed up with a report stating that another TP-Link domain that is typically used with its Wi-Fi extenders, tplinkextender.net, is now owned by an anonymous entity that will gladly sell the address. The owner of the other domain, tplinklogin.net, has a For Sale sign posted as well. Thankfully, both domains reportedly don’t connect to a TP-Link device.

Customers who own a TP-Link router or extender, and enter the provided domain address in their browser, should still pull up the control panel instead of the domain’s sell page. To verify this, Computerworld did a factory reset of TP-Link’s TL-WR841N router, and then entered the tplinklogin.net address into a browser while the router remained offline. This brought up the internal administrative website, which also loaded up when the domain was entered into the browser once the router was physically connected to the Internet.

The big security issue here regarding the two uncontrolled domains is that when TP-Link customers use the tplinklogin.net domain to access TP-Link devices other than routers (like an extender), it will pull up a public Internet web page instead of the internal logon page. Currently, that address leads to a page provided by Sedo’s Domain Parking service, but could play host to a malicious site in the future.

“If cybercriminals get their hands on this router configuration domain, it could become a significant tool for malware distribution using simple instructions, for example, to ‘download new firmware to your router,’” said Lior Kohavi, CTO at CYREN. “There is also the possibility it could be used for phishing. After all, this is a domain that receives a large number of visitors each day, as users are actually instructed to visit the site. It’s this large number of ‘natural’ and trusting visitors that makes this domain so potentially valuable to criminals.”

Ultimately, the ideal setting would be to write down or memorize the actual device IP address. Another option would be to get a router that cannot be configured, such as the OnHub router from Google and similar “closed” devices. These offer nearly no options to adjust, and are accessible through a mobile app.

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
TP-Link’s new Wi-Fi 6 routers look more like alien spaceships than ever
tp link wi fi 6 router ces 2019 archerrouter01

Previous

Next

Read more
TP-Link’s new Deco M9 Plus Mesh router is also a smart home hub
tp link deco m9 plus router dims

Everyone expects you to be able to multitask, so there's no reason you shouldn't have the same expectation for your devices. Here to live up to that expectation is TP-Link, whose newest mesh router not only purports to provide fast internet connections to more than 100 devices throughout your home, but also serves as a smart home hub for all of your connected devices. Meet the Deco M9 Plus Mesh Wi-Fi System, the latest multitasker in your life.

“From everyday activities like streaming Netflix and using smart voice assistants, to occasional video chats with friends or online gaming, our home lives are more connected than ever before,” said Derrick Wang, director of product management at TP-Link USA Corp. “Today, families need Wi-Fi systems that can support the higher demands put on their network, delivering reliable performance in every room of the home. Deco M9 Plus is a powerful solution designed to meet the Wi-Fi needs of the modern smart home.”

Read more
Nest’s network failed and people’s smart home devices went dark for 3 hours
Nest Smart Home Devices

What happens when your smart home has a brain lapse? Nest product owners found out last night when the network went down, cutting the digital connection.

Nest customers were still able to set the temperature on thermostats and lock and unlock doors manually, according to The Verge. It's uncertain, however, if Nest's alarm systems were functional during the dark period. A Digital Trends staff member who has Nest Protect, the smoke alarm, did not receive any notification from her app, nor did she receive an email alerting her of any problems.

Read more