Disable TPLinkWiFi.net Redirect

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-11-22 18:08:35
Tags: #Firmware Update #tplinkwifi.net
Model: Archer AX21  
Hardware Version: V1
Firmware Version: 1.3.5 Build 20211231 rel.63562(5553)

I have pored through the forums regarding this obnoxious redirect every time someone accesses the local web interface of their TP-Link router. It doesn't matter the model because all current firmwares seem to have this redirect hard-coded.

Some forum posts have "TP-Link Engineers" posting B.S. about how the browser cache is the most common culprit because the redirect is only used for initial configurations. The reason I know that the excuse being given is B.S. is because as a networking engineer, I have tools, resources, and testing servers that debunk the excuse.

I operate a public DNS, private DNS, reverse proxy, and other related tools. I also am familiar with Wireshark and its use cases for studying networking traffic.

When I attempt to access the local web interface of http://192.168.1.1 of a TP-Link router (specifically an Archer AX21), a reverse proxy baked into the webserver of the web interface for the AX21 redirects initiating traffic to tplinkwifi.net. There is a timeout built into the reverse proxy where within a given time period, you can go back and put the IP address http://192.168.1.1 and NOT be redirected. I have similar, if not identical, configurations on my NGINX reverse proxy server.

I have 2 access methods I use to access most web servers on my network. Publicly, if I want to access my servers remotely over HTTP/HTTPS, I use my own public DNS, an NGINX reverse proxy server, and internal DNS (along with firewall access rules) to access them all. Privately, if I want to access my servers locally, I use my own internal DNS to resolve local IP addresses. The FQDNs for both public and private connections are identical so I don't need to worry about using different host names.

I also use AdGuard so I have a Public DNS-over-HTTPS server that I can use anywhere.

The reason I'm explaining all of this is to express my knowledge that browser cache as the "most likely" cause is arrogantly inaccurate.

Now, I cannot be certain that the AX21 is using some sort of reverse proxy to redirect as I'm not a hardware engineer and don't have the appropriate knowledge to gain console access to the AX21, assuming it even has such a function. I can only speculate based on my ability to duplicate it using my own methods.

What I would like to see is the ability to disable or remove this. I, and many other security professionals, consider it a massive security flaw if the end-user does not have the ability to either disable it or directly configure it. The domain, tplinkwifi.net, has already been "lost" by TP-Link ... sending unsuspecting users to a website designed for malicious purposes. DNS spoofing and poisoning are real threats directly affected by this vulnerability.
