
TP-Link routers exposed to potential security flaw after domain registration lapses

In an embarrassing security oversight flagged by security researcher Amitay Dan, TP-Link lost control of the domain name used to manage its consumer routers, leaving computers prone to attack.

Over the years, manufacturers have made various efforts towards making router configuration a simple and straightforward process for everyone. While with some routers you can still log in via SSH and change their configuration to your heart's content, most people tend to rely upon the graphical user interface.

A more recent "innovation" has been to assign a domain name to access the router rather than relying upon users to remember an IP address. In the case of Netgear, the domain name associated with their routers is currently routerlogin.net while, for TP-Link, tplinklogin.net is the domain name of choice.

However, according to the domain whois records, it appears that someone at TP-Link forgot to renew the registration for tplinklogin.net towards the end of May this year.

Unfortunately, for owners of TP-Link routers, this means that when they attempt to access their routers using tplinklogin.net they will be directed somewhere other than the router login page. At the time of writing, the address redirects to a page indicating that the domain name "may be for sale." A subsequent click redirects to a page on Above.com, an Australian-based domain parking broker, which is accepting offers on the domain.

However, should an attacker obtain the domain name, they could redirect it to a webpage which could attempt to load malware onto a system. Given that TP-Link is not a minor manufacturer, this could have dire consequences for their customers.

In a post on SecLists.org, Cybermoon CEO Amitay Dan wrote that:

As for now, the company decided to make minor fixes. Yet - they don't like to buy the domain from the unknown seller, for now.

Also, according to a tweet from Dan, these "minor fixes" merely involve changing the user manuals rather than attempting to regain control of the lost domain name. Unfortunately, TP-Link stopped communicating with Dan sometime after he brought the issue to their attention.

In the meantime, it would be best to avoid accessing these routers using the tplinklogin.net address. Otherwise, Dan has recommended that ISPs block the domain name in order to prevent customer computers from being hijacked.
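A quick way to see where a router-management name actually leads from a given machine, as an added example that is not part of the original article or TP-Link's own code. It assumes the router normally answers DNS queries for its management name with its own LAN address, so a publicly routable answer means the lookup went out to whoever holds the domain; the function names are hypothetical.

```python
import ipaddress
import socket

# Router-management hostnames named in the article.
ROUTER_NAMES = ("tplinklogin.net", "routerlogin.net")

# Address ranges that can only be reached on the local side of a home router.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private ranges
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, IPv4 link-local
    "::1/128", "fc00::/7", "fe80::/10",               # IPv6 loopback, ULA, link-local
)]

def classify(addresses):
    """'local' if every address is LAN-side, 'external' if any is not,
    'unresolved' if there are no addresses at all."""
    if not addresses:
        return "unresolved"
    for addr in addresses:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        if not any(ip in net for net in LAN_NETS):
            return "external"
    return "local"

def resolve(name):
    """Resolve a hostname with the system resolver; empty list on failure."""
    try:
        infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def check(name, resolver=resolve):
    """Return (name, addresses, verdict) for one management hostname."""
    addrs = resolver(name)
    return name, addrs, classify(addrs)

if __name__ == "__main__":
    for host in ROUTER_NAMES:
        _, addrs, verdict = check(host)
        print(f"{host}: {', '.join(addrs) or '-'} -> {verdict}")
```

An "external" verdict means the browser would be sent to an outside server rather than the router, in which case the router's LAN IP address should be used for administration instead.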

Source: SecLists.org
