WARNING: ER605 Security Vulnerability..!
WARNING:
If you setup a second LAN (or more), and isolate it via ACL, then the router remains accessible on the new network(s)..!
I setup the Router address to 192.168.1.1/24 and created 2 additional networks (192.168.30.1/24 and 192.168.40.1/24) and updated the firewall to isolate these networks. Although clients on each network cannot access each other, they are always able to access the Router. So, even though the router address is 192.168.1.1, it can also be accessed via the gateways at 192.168.30.1 and 192.168.40.1 (even at 192.168.1.1 on isolated subnets.!!!).
Now, even if the router is still password protected, it is clearly visible at an incorrect address and is open to hacking. PLEASE bear this in mind when setting up any 'secure' networks. This is clearly an invisible route, and obviously makes me wonder if there are any more. I have not checked if any other ports are open on these false routes...
TP-Link inform me that it should be fixed in a November release, so be VERY careful in the meantime (keep your passwords VERY strong).
Shame on you TP-Link for such a schoolboy error in a 'Security' product, and for taking so long to fix it..!





