TP-Link device’s login domains are currently owned by a 3rd party
Router and Wifi extender manufacturers assign a domain name to make its device’s access procedure a little more user-friendly. But TP-Link forgets to renew its router domains tplinklogin.net typically used by routers and tplinkextender.net for WiFi extenders. An anonymous entity re-registered the domain name and offering to sell the administrative domain link for US $2.5 Million each. This oversight can be overturned. But TP-Link doesn’t seem to be interesting in buying back these domain names.
TP-Link is currently tplinkwifi.net on the newer routers. But many devices are still using the older domain names that are typically printed on the base. When an uninformed user accesses the router’s administrative settings using the lost domain names, it would route to a third party website.
What’s the potential risk??
Both the domains are parked with an option to purchase them. It also does not route to the router’s login page or something that resembles as one. TP-Link addresses its users to either use the router’s local IP address or the tplinkwifi.net to access its routers. But a couple of its FAQ documentations (here and here) still recommends the older domains. If a 3rd party makes the purchase of either or both URLs, they could provide a malware-infected router update whenever a user accesses these domains.
Is it really a problem??
Despite the flaw, routers and extenders should able to redirect to the new TP-Link router login. Michael Horowitz confirmed by hard resetting his TP-Link router while keeping it offline. Upon trying tplinklogin.net, it was redirected to tplinkwifi.net automatically. It’s best if users do the same with their routers to be on the safe side. Disconnect the internet connection on the router and try accessing tplinklogin.net. If our TP-Link router redirects to tplinkwifi.net, you’re safe. If it doesn’t, stick to using the router’s IP address.
You would not expect a network device manufacturer to keep open a possible flaw by not renewing two domain names that’s still used by many devices.
— Hardware BBQ (@HardwareBBQ) July 7, 2016