6
Votes

TL-SG105E / TL-SG108E How to Block Management VLAN

 
6
Votes

TL-SG105E / TL-SG108E How to Block Management VLAN

23 Reply
Re:TL-SG105E / TL-SG108E How to Block Management VLAN
2024-10-02 16:58:31

Any updates on the progress in getting some less offensive firmware versions or responses from TP-Link?

 

Efforts have been made to get a CVE designation for the relevant hardware and affected firmware versions, but that also has not had any visible response.

 

Let's also consider these write-ups that have existed for some time, such as from 2016 and 2018:

pentestpartners - security-blog/how-i-can-gain-control-of-your-tp-link-home-switch/

goughlui - 2018/11/03/not-so-smart-tp-link-tl-sg105e-v3-0-5-port-gigabit-easy-smart-switch/#:~:text=Security%3F%20Um%20%E2%80%A6%20Hold%20My%20Beer.

The links had to be altered somewhat because of the forum's filtering of external links; however the information is out there, as are the vulnerabilities. The right for people to know, understand, and verify risks follows that.  If this post is removed: "How dare you conceal that information?"

 

Sure, someone could say "customer beware" and "we aren't marketing as if these switches are properly managed switches", but with known vulnerabilities such as insecure transmission of login credentials, repeatable ways to DoS a switch, and leaking of management traffic across any-and-all VLANs, perhaps a "How could you?" question is appropriate.  How could you continue to market this as a managed switch that pretends to have proper management and user access features?  How could you not patch this and expect that no one would shame or ridicule your practices?

 

Perhaps Clive, a moderator, a lawyer, or other representative would see our posts and those questions as offensive.  They are only offensive if you are not taking the issues seriously.  If you are not taking the issues seriously, then offense is appropriate and well-earned.

#22
Options
Re:TL-SG105E / TL-SG108E How to Block Management VLAN
2024-10-02 18:27:53

This forum post and other vulnerability reports have been pointed out to TP-Link again.  Contact methods today include the security reporting e-mail address and live chat.

 

There is now at least one confirmed ticket to assist in removing any claims of "plausible deniability" as TP-Link has been informed of these issues, and not just in this forum where the only obvious TP-Link involvement appears to be Clive.

[TP-Link Support]-[TKID241004455] 18341555-  TL-SG105E- Security issues
#23
Options
Re:TL-SG105E / TL-SG108E How to Block Management VLAN
2024-10-08 15:13:35
There was a follow-on comment here that was intended to encourage TP-Link to stop ignoring the problems on this product line with the defense that other products exist.  That seemed like it might be excessively rude out of context, and that should definitely be taken along with all of the other write-ups about how this product line needs work or perhaps a giant notice/recall if a fix is not forthcoming.  Let's not forget how many years these products have been in the world and how long they have been sold as managed switches.
 
I found a notice that there was an update from Clive, but the link just seems to point to the top of the thread as if the post was deleted.
 
Was there an update, @Clive_A ?
 
--Baker_DSP
#26
Options