I have poured through the forums regarding this obnoxious redirect everytime someone accesses the local web interface of their TP-Link router. It doesn't matter the model because all current firmwares seem to have this redirect hard-coded.

Some forum posts have "TP-Link Engineers" posting B.S. about how the browser cache is the most common culprit because the redirect is only used for initial configurations. The reason I know that the excuse being given is B.S. is because as a networking engineer, I have tools, resources, and testing servers that debunk the excuse.

I operate a public DNS, private DNS, reverse Proxy, and other related tools. I also am familiar with Wireshark and it's use cases for studying networking traffic.

When I attempt to access the local web interface of http://192.168.1.1 of a TP-Link router (specifically an Archer AX21), a reverse proxy baked into the webserver of the web interface for the AX21 redirects initiating traffic to tplinkwifi.net. There is a timeout built into the reverse proxy where within a given time period, you can go back and put the IP address http://192.168.1.1 and NOT be redirected. I have simlar, if not identical, configurations on my NGINX reverse proxy server.

I have 2 access methods I use to access most web servers on my network. Publically, If I want to access my servers remotely over HTTP/HTTPS, I use my own public DNS, a NGINX reverse proxy server, and internal DNS (along with firewall access rules) to access them all. Privately, if I want to access my servers locally, I use my own internal DNS to resolve local IP addresses. The FQDN for both public and private connections are identical so I don't need to worry about using different host names.

I also use AdGuard so I have a Public DNS-over-HTTPS server that I can use anywhere.

The reason I'm explaining all of this is to express my knowledge that browser cache as the "most likely" cause is arrogantly inaccurate.

Now, I cannot be certain that the AX21 is using some sort of reverse proxy to redirect as I'm not a hardware engineer and don't have the appropriate knowledge to gain console access to the AX21, assuming it even has such function. I can only speculate based on my ability to duplicate it using my own methods.

What I would like to see is the ability to disable or remove this. I, and many other security professionals, consider it a massive security flaw if the end-user does not have the ability to either disable it or directly configure. The domain, tplinkwifi.net, has already been "lost" by TP-Link .. sending unsuspecting users to a website designed for malicous purposes. DNS spoofing and poisining are real threats directly affected by this vulnerability.