Two web pages used by TP-Link to ease configurations for router and range extender owners were left vulnerable as the company failed to re-register the sites' domain names.
Using domain names instead of IP addresses is convenient so it comes as no surprise that TP-Link, one of the world's leading providers of networking products, would use the method. Unlike its peers, however, the company forgot to renew its domain registrations, leaving the config pages TPLinkLogin.net and TPLinkExtender.net open for others to swoop in and control.
The security flaw was first brought to light by Amitay Dan, CEO of Cybermoon, who posted about it on Bugtraq earlier in July. He then tweeted that TPLinkLogin.net has been acquired by someone else and is selling the domain for $2.5 million.
TP-Link is not playing ball, however, instead discontinuing the use of the two domains. In a statement, the company said that discontinuation does not affect its devices nor the security of its customers' networks.
For those end-of-life or older products set up with the discontinued domains, TP-Link suggests using IP addresses instead.
The default IP addresses are as follows:
- Routers: 192.168.0.1 OR 192.168.1.1
- Range Extender/Powerline Extender: 192.168.0.254
For those who have already configured their networking products, you can find the IP address for your router in the device's DHCP client list.
There is certainly ill will at trying to sell a domain to its previous owner but the incident doesn't appear to be an outright security issue. Anyone not using a TP-Link router will see a public web page when they access TPLinkLogin.net instead of the log-on page for the router. It is just an advertisement now but the page could easily turn malicious at any time. Best to be safe than sorry then by avoiding accessing the domains and having ISPs block the domains to prevent customer computers from being hijacked.
According to Dan, TP-Link ceased communicating with him about the issue when he first made it known, which makes them look bad. Hiding your head in the sand when there's a problem? Not a good idea when you're a global brand.
Thankfully, TP-Link has issued a statement acknowledging the issue with the domains, alongside making minor fixes, which entailed changing the affected domains in user manuals. However, the company made no mention of the real reason as to why TPLinkLogin.net and TPLinkExtender.net are being discontinued, only saying that instances may arise where it may change or update the site domains it uses.
Photo: Audio Reservoir | Flickr