Top Wi-Fi gateway router manufacturer firm TP-Link has reportedly lost control of two crucial domains accessed by millions of customers and small organizations daily.
TP-Link used either tplinklogin.net or tplinkextender.com for its router configuration. The first domain was commonly used to configure TP-Link routers, while the second was for TP-Link Wi-Fi extenders. Customers are also able to access their router’s administration panel and configuration web pages through local IP address (192.168.1.1 or 192.168.0.1).
A cybersquatter has renewed both domains using an anonymous registration service and offering them for sale at $2.5 million each.
TP-Link states that they have simply “forgotten” to renew both of those domains. Furthermore, TP-Link is planning on updating its manuals to delete references to the domain names. Therefore, they are not planning on buying back the domains given the costs.
During the last several years, TP-Link has been using the currently owned domain tplinkwifi.net instead of tplinklogin.net. Hence, the threat perceived is lessened to a certain extent. Unfortunately, the failure to renew two domains could still stir up trouble for some customers who may access them through observing these domain name references printed on the back of their devices.
Malicious actors are capable of redirecting traffic, installing malicious firmware through phishing techniques, and ask for sensitive information like passwords. This would be disastrous since millions of users use TP-Link routers.
The best advice for customers is to avoid accessing their TP-Link routers using the likely-compromised domains tplinklogin.net and tplinkextender.com. Just connect through the local IP address instead. Internet Service Providers should block those domains to protect its users from possible threats.