Skip to main content

This network device vendor made one terrible blunder

TP-Link Talon AD2700
Image used with permission by copyright holder
Networking equipment vendor TP-Link has reportedly “forgotten” to renew two domains that are used to access the administrative panels of its devices. Typically, domain names are easier to remember for customers versus numeric IP addresses — but TP-Link’s mistake shows how they can lead to problems.

Cybermoon CEO Amitay Dan said on Friday that TP-Link lost control of its tplinklogin.net domain because it forgot to renew the address. Rather than forking out money to regain the domain from an external company that happened to scoop up the address, TP-Link instead decided to update its online manuals by removing the domain name references altogether.

“The logic behind using [a] domain in the first place, instead of an IP address, is the main problem here,” Dan said in a blog. “Forgetting to buy the domain is the second mistake. While checking how many users are trying to use it, I’ve realized that’s this is effecting plenty of people. My advice is to block the domain by the ISP.”

Computerworld followed up with a report stating that another TP-Link domain that is typically used with its Wi-Fi extenders, tplinkextender.net, is now owned by an anonymous entity that will gladly sell the address. The owner of the other domain, tplinklogin.net, has a For Sale sign posted as well. Thankfully, both domains reportedly don’t connect to a TP-Link device.

Customers who own a TP-Link router or extender, and enter the provided domain address in their browser, should still pull up the control panel instead of the domain’s sell page. To verify this, Computerworld did a factory reset of TP-Link’s TL-WR841N router, and then entered the tplinklogin.net address into a browser while the router remained offline. This brought up the internal administrative website, which also loaded up when the domain was entered into the browser once the router was physically connected to the Internet.

The big security issue here regarding the two uncontrolled domains is that when TP-Link customers use the tplinklogin.net domain to access TP-Link devices other than routers (like an extender), it will pull up a public Internet web page instead of the internal logon page. Currently, that address leads to a page provided by Sedo’s Domain Parking service, but could play host to a malicious site in the future.

“If cybercriminals get their hands on this router configuration domain, it could become a significant tool for malware distribution using simple instructions, for example, to ‘download new firmware to your router,’” said Lior Kohavi, CTO at CYREN. “There is also the possibility it could be used for phishing. After all, this is a domain that receives a large number of visitors each day, as users are actually instructed to visit the site. It’s this large number of ‘natural’ and trusting visitors that makes this domain so potentially valuable to criminals.”

Ultimately, the ideal setting would be to write down or memorize the actual device IP address. Another option would be to get a router that cannot be configured, such as the OnHub router from Google and similar “closed” devices. These offer nearly no options to adjust, and are accessible through a mobile app.

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
This was the most momentous PC announcement in decades
Copilot+ PCs being announced from the stage.

"AI PC."

You've no doubt heard the term by now, and if you're honest, it's probably made your eyes roll. In a year when "AI" is tacked on to every tech product imaginable, what have been called AI PCs so far just haven't felt worthy of the designation.

Read more
Sorry, Microsoft — I don’t want Copilot+ reading my DMs yet
Microsoft introducing the Recall feature in Windows 11.

Microsoft is kicking off a new era of PCs -- the Copilot+ era. It's a new category of device designed and built around AI, and the key selling point of a Copilot+ PC is the new Recall feature. I'm not quite on board with it yet, however.

Recall is a collection of several small language models that run on your device all the time. These models track everything you do, from messages and emails you send to where you navigate within Windows 11. And, as the name suggests, Copilot can recall this information whenever you need it, using it as bedrock context for how you interact with your PC.

Read more
Best Memorial Day gaming laptop deals: Get a gaming laptop for $800
MSI Raider GE78 HX gaming laptop for Fortnite product image.

If you're the sort of person who is constantly on the move but still wants to game, then you might want to opt for a solid gaming laptop. Luckily, the quality of gaming laptops has increased massively in the past few years, and you can find some really great specs for good prices. In fact, you can get even better deals than usual as part of these early Memorial Day deals, which are really great and perfect for those who can't wait for Memorial Day itself. Alternatively, you could check out some of these other great gaming laptop deals if you don't quite find what you're looking for below.
Best Gaming Laptop (Intel) Memorial Day Deals

Intel is one of the most popular CPU makers on the market, so it's no surprise to see a wide variety of gaming laptops when it comes to specs. There are solid budget options with something as entry-level as the RTX 4060 or as high-end as the RTX 4080, so there are a lot of options out there, depending on what you're looking for.

Read more