[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201607011100.u61B0pX3018082@sf01web2.securityfocus.com>
Date: Fri, 1 Jul 2016 11:00:51 GMT
From: Info@...ermoon.cc
To: bugtraq@...urityfocus.com
Subject: Logic security flaw in TP-LINK - tplinklogin.net
TP-LINK forgot to buy the domain www.tplinklogin.net which is beings used to configure many of the hardwares they have, like routers configuration.
The domain is available to buy via escort service, so potential attacker can get it, it's all about money.
There is unknown holder who have the domain right now, and has been confirmed to be out of the company.
As for now, the company decided to make minor fixes. Yet - they don't like to buy the domain from the unknown seller, for now.
I've contacted the Chinese CERT, the US-CERT the Israeli CERT and the company.
The logic behind using domain in the first time, instead of IP address is the main problem here, forgetting to buy the domain is the second mistake.
While checking how many users are trying to use it, I've realized that's this is effecting plenty of people.
My advice is to block the domain by the ISP.
It seems that's some people understood that's the service is not good, and complained about it online, however I didn't saw a publication concern the security effect of the issue
I hope this mistake won't happened again
Amitay Dan
CEO at Cybermoon
for more info please follow
www.cybermoon.cc
www.amitaydan.com
@popshark1
Powered by blists - more mailing lists