Home Network Community > Range Extenders > RE315 Security Issue
< Range Extenders

RE315 Security Issue

RE315 Security Issue

RE315 Security Issue
RE315 Security Issue
Wednesday
Tags: #Access Control
Model: RE315  
Hardware Version: V1
Firmware Version: 1.0.35 Build 241101 Rel.49351n

Hello all,

 

Problem:

Recently, I’ve noticed that my router has been flagging suspicious network activity coming from my RE315 range extender. About once a day, there’s a brief burst of traffic that gets picked up and flagged by the router. Screenshots below for reference:

Flagged traffic 1

Flagged traffic 2

 

 

Attempted Fix:
At first, I suspected the traffic might be coming from a device connected to the range extender. However, I was able to verify that it was actually originating from the IP address assigned to the extender itself. Concerned that the device might have been compromised, I changed my TP-Link password and performed a factory reset on the extender. While the traffic stopped for a day (10/11), it resumed again the following day.

 

 

I can't find any traffic like this from all other devices on my home network. What can I do to stop this?

  1      
 
  1      
 
#1
Options
2 Reply
Re:RE315 Security Issue
Thursday

  @alorenz Disconnect devices connected to the RE315 one by one until the warning messages stop.  I suspect it is one (or more) of the client devices connected through the RE315.

  1  
  1  
#2
Options
Re:RE315 Security Issue
Thursday

@alorenz 

 

I have the same suspect as jzchen.

 

Some range extenders use a "proxy mode" to connect devices to the main network. When a client connects to the extender, the extender intercepts the client's traffic. The range extender replaces the client's original MAC address with a unique virtual MAC address it generates.

 

You can modify the extender's SSID to a different one, disconnecting all client devices that connect to it, and then connect them directly to the main router. Monitor again whether the router flags these suspicious network activities.

 

Alternatively, you can unplug the extender from the network directly, connect all client devices to the main router, and then surf the internet just like you did before. Check again if the router will also flag these suspicious network activities.

Nice to Meet You in Our TP-Link Community. Check Out the Latest Posts: Introducing AI QoS: Elevate Your Gaming Experience on the Archer GE800 Gaming Router! Connect TP-Link Archer BE550 to Germany's DS-Lite (Dual Stack Lite) Internet via WAN Archer GE550 - BE9300 Tri-Band Wi-Fi 7 Gaming Router Archer AX90 New Firmware Added Support for EasyMesh and Ethernet Backhaul If you found a post or response helpful, please click Helpful (arrow pointing upward icon). If you are the author of a topic, remember to mark a helpful reply as the "Recommended Solution" (star icon) so that others can benefit from it.
  1  
  1  
#3
Options

Information

Helpful: 1

Views: 47

Replies: 2

Tags

Access Control
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.