Dear TP-Link,

Many of us were shocked by the recent Mirai Botnet takeover of affected TP-Link consumer routers, which occurred so quickly after TP-Link had released a security fix for CVE-2023-1389 for the Archer A21 (AX1800).  What had happened was obvious in hindsight.  Bad actors reverse engineered the patch and exploited the vulnerability before any consumers had patched, or had even heard about a patch being available.

As a TP-Link customer and owner of a different model router unaffected by the vulnerability but likely to be subject to future vulnerabilities, I am very concerned with what the future holds, and was wondering if TP-Link would answer a few questions.

1. Is TP-Link committed to releasing new routers with a fully automatic no-action-needed update capability included and enabled by default to help protect their customers?

2. Would TP-Link be willing to ship firmware updates to some existing routers to add such a capability?  Note you already have buttons in the Administrative UI on many models like the AX3000 that will download and update the firmware if a new version is present.  It would seem that the engineering for scheduling this activity would be fairly simple to incorporate into a product update.

3. In the meantime, what is the best way I can be ensured that if my router had new firmware released for it I could learn about it immediately?

Thanks