security: config URL links to rogue site (defacement? DNS poisoning?)

2019-08-15 07:54:33
Model: TL-WA855RE
Hardware Version: V3
Firmware Version: doesn't matter

Hi,

The label reports http://tplinkrepeater.net/ as the special config URL. But that domain looks taken over / defaced, such that if your device hops on the original SSID instead of the extender's - or if you just visit that URL from any other internet connection - you get a pseudo-config page which at option 3 says (here is the excerpt from the Italian version, translated):

"

Solution 3

Disconnect every connection from the device you are using for the configuration.

Wait 30 seconds, then connect your device to the Wi-Fi network TP-LINK_Ext.

Open the configuration page at http://www.tplinkrepeater.net (or http://www(dot)tplinkextender(dot)net); the username and password are: admin.

Run the guided setup by following the on-screen instructions.

"

where the 1st URL is just that of the page, but the 2nd URL suggested takes you to a rogue/phishing site of the click-to-win type - nothing you'd expect for the config page of your range extender.

Re:security: config URL links to rogue site (defacement? DNS poisoning?)
2019-08-20 05:38:58

@hupla

To access the web UI of the extender, we need to hop your device to the extender itself, either by wired cable or by wireless.

With your computer connected to the main router or another network, it may fail to access it due to the security mechanism.

Best regards.

Re:Re:security: config URL links to rogue site (defacement? DNS poisoning?)
2019-08-21 15:47:13

Hi,

The point is that whatever special config URL you set up, you must ensure it's recognized and served by the device only.

If it's a valid URL, you must ensure you own & control it for the lifetime of the device.

A user can try to open the config link from bookmarks / history while not hooked to your device and be tricked into clicking the rogue links, assuming that such a device-specific config page/URL loads only from your device/service; hence, seeing that it loads fine, they end up trusting it and the links in it. That's what happened to me. It doesn't suffice to just log advisories like https://www.tp-link.com/en/support/faq/2217/ - which seems related to this case - you're supposed to take proper action.

thx

regards

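A client-side check for the situation discussed in this thread, added here as an example and not written by any poster or by TP-Link: before trusting a page loaded from the config name, confirm that the name resolved to an address on the link you are attached to, not to a host on the internet. It assumes the extender answers the name with its own LAN address; the subnet and sample addresses are constructed, and `resolve` and `classify` are hypothetical helper names.

```python
import ipaddress
import socket

CONFIG_HOST = "tplinkrepeater.net"  # config name printed on the label, per the post


def resolve(hostname):
    """Addresses the resolver currently in use returns for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def classify(addresses, local_subnets):
    """Return (verdict, outside): 'local' only if every answer is on our own link."""
    nets = [ipaddress.ip_network(n) for n in local_subnets]
    if not addresses:
        return ("unresolved", [])
    # Strip any IPv6 zone suffix (for example %eth0) before parsing the address.
    outside = sorted(
        a for a in addresses
        if not any(ipaddress.ip_address(a.split("%")[0]) in n for n in nets)
    )
    return ("external", outside) if outside else ("local", [])


if __name__ == "__main__":
    lan = ["192.168.0.0/24"]  # constructed: subnet of the Wi-Fi link in use
    # Constructed resolver answers; swap in resolve(CONFIG_HOST) for a live check.
    samples = {
        "joined to the extender": {"192.168.0.254"},
        "joined to another network": {"203.0.113.10"},
    }
    for label, answers in samples.items():
        print(label, classify(answers, lan))
```

An "external" verdict means the page came from whoever currently controls the public domain, so the admin credentials should not be entered and links on it should not be followed.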