TP-Link could be putting users of its routers at risk due to lapsed domains, with users being sent somewhere that is not the router login page. This is bad news for users, considering TP-Link is one of the largest suppliers of routers in the world, and according to one security expert the company is doing little to solve the problem.
The issue comes from the way in which TP-Link (and indeed other router manufacturers) makes configuring a router easier. Users are now given a domain name to reach the router's configuration page, a method that is easier than asking a customer to remember an IP address.
Domain names are universal, and in the case of TP-Link the domain is tplinklogin.net, a location where users can configure their router. The problem is that, at some point in late May, the company forgot to renew the domain registration, according to domain whois records.
This may seem like a normal error that is not really problematic. However, it meant that during the downtime the domain was effectively left open, so users were directed to another page. This page says the domain is for sale and has advertising links in a list menu (itself potentially confusing for users), and a redirect leads to the domain parking site Above.com.
That is harmless enough, but if a cybercriminal were to take control of the domain, they could point the redirect at a page that loads malware onto a machine. This is not an outlandish scenario, considering there are literally millions of TP-Link router owners who could be heading to this domain. It presents something of a gift of traffic to an attacker.
In a post on SecLists.org, Cybermoon CEO Amitay Dan wrote that:
“As for now, the company decided to make minor fixes. Yet – they don’t like to buy the domain from the unknown seller, for now.”
In other words, TP-Link seems uninterested in getting back the domain and has instead changed its instruction manuals to point to a new domain. Those with older models will still head to the domain, which actually happened to me last month when I set up a new router.
Needless to say, users should avoid the tplinklogin.net page entirely, just to be on the safe side. If you want to configure an older router (emerging markets will not always have brand new models, for example), you can search for your model number and find the new setup details and instruction manuals at TP-Link’s official website.
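A check a user could run before opening the setup hostname, given as an added example (not code from this article or from TP-Link). It assumes the router answers the setup name itself with a LAN address, so a public answer means the request would leave the home network; the sample addresses are constructed.

```python
import ipaddress
import socket

# LAN-side ranges a home router normally uses for its own address.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "fc00::/7",                                        # IPv6 unique local
)]

def resolve(hostname):
    """Return the addresses the system resolver currently gives for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses):
    """'local' if every answer is a LAN address, 'public' if any answer is
    outside the LAN ranges, 'unresolved' if there were no answers."""
    if not addresses:
        return "unresolved"
    for text in addresses:
        addr = ipaddress.ip_address(text.split("%")[0])  # drop IPv6 zone id
        if not any(addr in net for net in LAN_NETWORKS):
            return "public"
    return "local"

def verdict(hostname, addresses):
    """Turn a classification into advice for the person at the keyboard."""
    state = classify(addresses)
    if state == "local":
        return f"{hostname} -> {addresses}: answered on the LAN"
    if state == "public":
        return f"{hostname} -> {addresses}: leaves the LAN, do not log in"
    return f"{hostname}: no answer, use the router's IP address instead"

if __name__ == "__main__":
    # Constructed answers: one a router would give, one from the public internet.
    print(verdict("tplinklogin.net", ["192.168.0.1"]))
    print(verdict("tplinklogin.net", ["203.0.113.10"]))
    # Live check: print(verdict("tplinklogin.net", resolve("tplinklogin.net")))
```

A mixed answer (one LAN address and one public address) is treated as public, since any of the returned addresses may be the one the browser connects to.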