Security of an End of Life Router

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Security of an End of Life Router

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Security of an End of Life Router
Security of an End of Life Router
2021-04-10 02:37:40
Model: TL-WDR3600  
Hardware Version: V1
Firmware Version: 3.14.3 Build 151104 Rel.44824n

I have an N600 TP-Link router.

To be clear, I do not use the WiFi function (it is turned off) as most all of my devices are hard-wired with Cat5 cable to the router.

I also have two Access point WiFi routers, connected by Cat5 cable to the N600.  These AP's provides WiFi signals to my IoT devices (security cameras, smart switches, tablets, etc).

My question is since my TP-Link router is no longer being supported with firmware updates, am I putting my network in any security danger? Remember, I am not using the WiFi function of the Tp_link router, I'm just using the Gigabyte ports.

BD

  0      
  0      
#1
Options
5 Reply
Re:Security of an End of Life Router
2021-04-10 14:08:05

@bigdawg 

 

IMHO I would think most should be okay if:

 

  • You have disabled remote management.
  • Your router handled the VPNFilter malware attack back in 2018
  • You are not a business.
  • You are not in a dorm or apartment complex although WIFI would be prime target.
  • Something that makes you a prime target.
  • Since you are not using the WIFI of the router
  • Do not do sensitive work on your network


On the other hand:

 

  • A newer router can give you better speed if you have 100 or better speed from your ISP depending which model you have
  • The security may be better on a newer router (it is the first line of defense but it is not the best line of defense)
  • May be able to replace your router and an AP with one router. (how old are your APs?)
  • If you have had any issues with the router such as needing to reboot from time to time.
  • May want to consider a router that does not offer WIFI
  • May want to consider a MESH system or a redesign of your current system.

 

The most likely attacks will be from something you do such as open an unknown email, or click a bad link, go to questionable sites and such. 

 

You may want to change your DNS to use one that provides some protection.

 

Consider a VPN.

 

If a newer router makes you more comfortable/piece of mind, then get one.

 

 

 

 

 

 

  0  
  0  
#2
Options
Re:Security of an End of Life Router
2021-04-10 14:09:55 - last edited 2021-04-10 14:13:48

@bigdawg 

 

The answer is "it depends".

 

There are continual attacks and security 'holes' found in routers.

 

You might find these pages of interest:

 

https://routersecurity.org/index.php

https://www.tp-link.com/us/press/security-advisory/  (specific for TP-Link routers)

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tp-link (list of specitic TP-Link exposures)

 

Bottom line is routers no longer support can have a hidden security problem that is discovered well after EOL in terms of f/w update.

 

Also, some router's will have features REMOVED for a variety of reasons, and the choice if you need that feature is NOT update the f/w. Those routers can suffer the same problem of not getting security updates and be exposed.

 

Wire or wireless usuage generally doesn't matter on Router Security issues... it is the f/w and has the problem (or lack of protection for an attack).

  0  
  0  
#3
Options
Re:Security of an End of Life Router
2021-04-10 16:29:33

@bigdawg 

Thanks guys for the info.

As I do banking and other potentially sensitive activities with my computers, it seems that maybe I would be better off with a newer router for whatever the potential extra protection a new router would provide over this older one.

Your help in helping make this decision to upgrade is greatly appreciated.

BD

  0  
  0  
#4
Options
Re:Security of an End of Life Router
2021-04-10 16:36:47

@bigdawg

I'm considering buying the TP-Link AX3000 to replace my TP-Link TL WDR3600.

Is there any way to copy the setting of my old router over to this new one?

Also, is there an On/Off switch to turn the WiFi off on the new router, like there is on the old one?

Thanks again for the help.

  0  
  0  
#5
Options
Re:Security of an End of Life Router
2021-04-10 17:14:20

 

bigdawg wrote

@bigdawg

I'm considering buying the TP-Link AX3000 to replace my TP-Link TL WDR3600.

Is there any way to copy the setting of my old router over to this new one?

Also, is there an On/Off switch to turn the WiFi off on the new router, like there is on the old one?

Thanks again for the help.

@bigdawg 

 

No way I've ever known how to copy settings over. The 'saved' files are marked so they only go on the same router (at least in all router's I've seen). Best way, take a screen capture of ALL the web gui pages you changed. Then MANUALLY enter those into the new router.

 

There is a s/w emulator for the AX3000 @ https://emulator.tp-link.com/ax3000-us-v1/index.html and you can check all the GUI pages there.

 

You can DISABLE the wireless radio on it:

 

You can also TURN WIRELESS off on a time schedule, not sure if that can be done for 24 hours though?

 

As for 'Security' updates. I'll have to say this about that... to me, it seems TP-Link doesn't do often f/w updates. My Archer A20 is running with the last F/W update, 10/26/2019 which was released on 12/02/2019! It was the ONLY update done since the Mar. 2019 release of the router. No mention of Security Update in the Readme. Not surprising? If they mentioned the fix for 'what' or the CVE number, crooks would know there were routers out there not updated and vunerable for the security hole. When I had Netgear routers, they put out f/w updates quite often, and the readme's always had 'security updates' in them? Why did NG do more vs. TPL? Can't say? However, I'm pretty sure TP-Link will fix security holes when they are alerted to them.

 

Still, there are alway 'day-0' attacks, and I wouldn't rely soley on a Router f/w or possible built-in security as the sole protection. My Archer A20 has HomeLink (powered by Trend Micro) built-in, but the AX3000 has none from what I can tell.

  0  
  0  
#6
Options

Information

Helpful: 0

Views: 1908

Replies: 5

Related Articles