New Archer c8 v1 Router firmware update needed...

2020-07-06 17:22:24
Model: Archer C8  
Hardware Version: V1
Firmware Version: 4.0.0 Build 20160517 Rel. 44603

I wonder why TP-Link has not created firmware files or security updates to update my Archer C8 v1.0 Router firmware in the last 4 years.

 

My internet access at our home is on a fiber-optic network & local loop owned and maintained by Spectrum/Time-Warner with 10+mbs estimated upload/download transfer rate according to 3rd party transfer test software.  I use the Archer C8 mainly for laptop, cell phone, and cable streaming through the internet.  I am concerned about unpatched Archer C8 firmware and unannounced TP-Link security concerns that may leave my home network vulnerable to hacking.

ZDNet just published an online article on 2/6/20 that says, "Home router warning: They're riddled with known flaws and run ancient, unpatched Linux" at https://www.zdnet.com/article/home-router-warning-theyre-riddled-with-known-flaws-and-run-ancient-unpatched-linux/?ftag=TRE-03-10aaa6b&bhid=4658732&mid=12913699&cid=716934631

The article goes on to describe, "they also found that vendors are shipping firmware updates without fixing known vulnerabilities, meaning that even if a consumer installs the latest firmware from a vendor, the router would still be vulnerable."

If I recall correctly, the 2016 firmware update for the Archer C8 enabled recognition and support for IPv6 addresses and tried to standardize the Router's Administrator Interface to be similar to other TP-Link Routers' Administration models.

 

Is TP-Link Archer c8 router software based and compiled with the Linux/UNIX OS? 

 

Are there unannounced router security problems that have not or cannot be fixed by TP-Link?

 

Since there are many documented concerns with security holes with other OEM Routers from other large manufacturers, why has TP-Link not issued upgraded or periodic firmware for its supported Routers?

 

Regards, Questor
#1
Re:New Archer c8 v1 Router firmware update needed...
2020-07-06 21:49:07

@Questor I just sent an email to support asking about the same thing regarding my C9 v3 router. These routers are marketed as designed to fully meet the need of Small Office/Home Office (SOHO) networks and users which should be expected to include security. It is obvious that many of the manufacturers have been lax in updating firmware to protect against known security flaws. I'll be watching your post and for a reply to my email in hopes TP-Link will address these important issues.
#2
Re:New Archer c8 v1 Router firmware update needed...
2020-07-08 15:01:49 - last edited 2020-07-08 15:02:39

If there are known security flaws we have a specific section on our website where the security team can be notified:

 

https://www.tp-link.com/us/press/security-advisory/

 

That is also where you can see up to date advisories on known security issues.

 

If you are in possession of a device that is EoL (End of Life or no longer being manufactured) then likely firmware will not regularly come out. However, if a security issue has been found to be verified for example the KRACK vulnerability, then firmware would be released.

#3
Re:New Archer c8 v1 Router firmware update needed...
2020-07-08 18:13:47

@Tony 

 

Hello Tony from TP-Link and thanks for the reply...

 

You said, "If you are in possession of a device that is EoL (End of Life or no longer being manufactured) then likely firmware will not regularly come out. However, if a security issue has been found to be verified for example the KRACK vulnerability, then firmware would be released."  TP-Link has not released ANY Router security info, firmware updates or security patches related to my Archer C8 AC-1750 in 4 years (I purchased and installed this C8 Router about 3 years ago).  Because TP-Link comes out with new or renamed Router models every year and does not issue firmware updates or security patches on a regular basis, is my Archer C8 considered obsolete after 3 years of use because TP-Link no longer supports this model without informing current owners? Other OEMs seem to support through their websites any Router security/firmware/updates for a 7 year period after the date the Router was manufactured... why not TP-Link?

I am surprised by your reply asking me to forward any known security hacks to Archer C series to the https://www.tp-link.com/us/press/security-advisory/ webpage...  It seems to me that TP-Link needs to better investigate and release more Router security updates rather than my having to check your website daily and access each of the 10 security advisory URLs to see if there were any changes that may affect my Archer C8 Router.  I should not have to test my Router against known Router security flaws because TP-Link is either not disclosing Archer C series security concerns to registered owners or not testing and releasing Archer C Series security updates.  I should not have to read an Internet article describing how TP-Link Routers are not secure because 3rd party companies or Universities found known and tested flaws that were not corrected by TP-Link.

 

When you say, "If you are in possession of a device that is EoL (End of Life or no longer being manufactured) then likely firmware will not regularly come out" does that mean my TP-Link Archer C8 Router is considered obsolete because it is not supported after 3 years of use? It is hard for me to believe that my TP-Link Archer C8 Router is considered secure by TP-Link when no security updates have been issued in the past 4 years.  This is concerning because TP-Link seems to discontinue sales of Router models every 2 years with new releases and based on what you say, TP-Link Routers are considered obsolete every 2-3 years after the model is first introduced. 

 

It is sad when a company such as TP-Link puts current customers last in line for security/firmware updates when compared to newer versions of TP-Link Routers - especially when many models of TP-Link Routers apparently use hardware code based upon older versions of Linux that are documented to have security flaws.

 

I suggest that TP-Link needs to change this limited Router security/firmware update and support policy by offering improved information postings, more frequent security patches and better communications with customers like me.

 

 

#4
Re:New Archer c8 v1 Router firmware update needed...
2020-07-09 01:24:52

@Questor 

 

Not trying to hijack your thread but as I mentioned above, I went the support route for my question. I have an Archer C9 which is still under warranty. I don't know if this is an EoL product but since TP-Link is still selling this model in their store on Amazon and it is shown as NOT discontinued in the Product Information section, I am assuming it is not EoL.  I hope this might give you some information that helps your questions. This is the response I received from Ruby:


Dear David,
Thank you very much for your email requesting information about TP-Link product.

Thank you for your feedback. If you do not mind, could you please send me a link that you see on the Fraunhofer study? We will check it carefully to see which security it mentions about. BTW, would you mind listing some known security flaws for us? I will forward these flaws to the related department and they do some improvements later.

If you still have any other problem with our product, please let me know and I will try my best to help you.


My response to Ruby is below and so far I have not received any further contacts.

Here is the link to the study (editor will not allow external links) and here is a link to the ZDNet article (editor will not allow external links)

The findings in the recent study mirror the findings from a 2018 US study by the American Consumer Institute found here (editor will not allow external links)

 

The security flaws are discussed in both the article and studies. While my specific router (Archer C9) is not named in either study, the Fraunhofer study found that most manufacturers using Linux kernels were not updating the kernels even after those kernels had been patched because of security flaws. As I understand it, the C9 uses a Linux kernel but I don't know how to discover what kernel and whether it has been patched.

 

I appreciate the prompt response. I noticed in the community forum that at least one other person had seen the study/article and was wondering about his C8 router. I'm guessing this may be a common question in the upcoming days and weeks.

 

#5