Most routers come with a web panel to allow the consumer to edit the configurations. While you can access it with an IP address such as 192.168.1.1, some manufacturers provide you with a domain, which they believe is more convenient than an IP address. TP-Link uses two such domains: www.tplinklogin.net and www.tplinkextender.net. TP-Link, however, seems to have forgotten to renew these domains.
This oversight was first noticed by Amitay Dan, the CEO of Cybermoon. Here’s his tweet about it:
— Amitay Dan (@popshark1) July 1, 2016
Both of the domains have been registered anonymously and are up for sale online for $2.5 million apiece. It turns out TP-Link is not so anxious to get them back, though. Also, this seems to only affect older hardware, as newer TP-Link products have switched to using www.tplinkwifi.net instead.
However, since the two expired domains are printed on the back or bottom of several previous generation models, it can cause issues for consumers. These users might end up on a site not under TP-Link’s control and may become vulnerable to phishing attempts or delivery of malware through a site the user trusts.
We advise our readers who own TP-Link products to stay away from these websites to avoid getting phished or infected by malware. Instead, use your local IP address to configure your router. This address is usually 192.168.1.1.
It’s interesting to note that TP-Link is one of two manufacturers of Google’s OnHub routers, the other being Asus. The company is yet to make an official statement about this issue. If they make one, we’ll update this post with more details. Stay tuned!
What’s your take on this issue? Do you own a TP-Link product? Have you used these domains to configure it in the past? Let us know in the comments below, on Google+, Facebook, or Twitter.Via: The Hacker News