security: config URL links to rogue site (defacement? DNS poisoning?)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

security: config URL links to rogue site (defacement? DNS poisoning?)

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
security: config URL links to rogue site (defacement? DNS poisoning?)
security: config URL links to rogue site (defacement? DNS poisoning?)
2019-08-15 07:54:33
Model: TL-WA855RE  
Hardware Version: V3
Firmware Version: doesn't matter

Hi,

 

label reports http://tplinkrepeater.net/ as special config URL. But such domain looks taken over / defaced, such that if your device hops on the original SSID instead of the extender's - or if you just visit that URL from any other internet connection - you get a pseudo-config page which at option 3 says (here the excerpt from the Italian version):

 

"

Soluzione 3

Scollega ogni connessione dal dispositivo che utilizzi per la configurazione.

Attendi 30 secondi collega il tuo dispositivo alla rete Wi-Fi TP-LINK_Ext .

Apri la pagina di configurazione all'indirizzo http://www.tplinkrepeater.net (o http://www(dot)tplinkextender(dot)net), nome utente e password sono: admin .

Esegui la configurazione assistita seguendo le indicazioni a schermo.

"

where the 1st URL is just that of the page but the 2nd URL suggested takes you to a rogue/phishing site of the type click-to-win - nothing you'd expect for the config page of your range extender.

  0      
  0      
#1
Options
2 Reply
Re:security: config URL links to rogue site (defacement? DNS poisoning?)
2019-08-20 05:38:58

@hupla 

 

To access the web UI of the extender, we need hop your device to the extender itself, either by wired cable, or by wireless.

 

With your computer connected to the main router or other network, it may failed to access it due to the security mechanism.

 

Best regards. 

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router Archer BE800 New Firmware Added Support for EasyMesh in AP Mode, DoH&DoT, and 3-Band MLO Connection Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  0  
  0  
#2
Options
Re:Re:security: config URL links to rogue site (defacement? DNS poisoning?)
2019-08-21 15:47:13

Hi,

 

point is, that whatever special config URL you setup you must ensure it's recognized and served by the device only.

If it's a valid URL you must ensure you own & control it for the lifetime of the device.

A user can try and open the config link from bookmarks / history while not hooked to your device and being tricked to click the rogue links, assuming that such device-specific-config page/url loads only from the your device/service, hence seeing it loads fine ends up trusting it and links in it. That's what happened to me, doesn't suffice to just log such advisories like https://www.tp-link.com/en/support/faq/2217/ - which seems related to this case - you're supposed to take proper actions.

 

thx

regards

  0  
  0  
#3
Options