Welcome to TP-LINK Tech Support Forum
+ Reply to Thread
Page 2 of 9 FirstFirst 1 2 3 4 ... LastLast
Results 16 to 30 of 124
  1. #16
    the lack of response or acknowledgment from tplink on this very serious security issue is not acceptable, this was disclosed to all manufactures about 50 days before it went public. it effects WPA2 at the protocol level so there is no question weather tplink is effected. i will be replacing all tplink products with another company that takes security of its customers seriously, i work in infosec and i can tell you that this is a poor response compared to others.

  2. #17
    I hope TP-Link is aware of it's responsibility in this matter - "If your wifi isn't safe, your family isn't safe".

  3. #18
    If I understand correctly, if you have the latest Windows 10 update you should be safe if you're on WiFi. On Android, iPhone or any other we'll have to wait for a patch.

    My question is: will a firmware update on the router ensure protection if your Android is not patched? A lot of us don't have vanilla Android and I don't know when updates will drop for all these models.

  4. #19
    Yes I agree. I hope they are aware. Also it seems my last post has been censored.

    edit: my previous post was NOT censored, it just wasn't approved yet. sorry for the mistake,
    Last edited by is2017; 10-18-2017 at 02:05.

  5. #20
    To be direct, this is disturbing that after many years of using their device, I see this kind of response from tplink.For people asking earlier - assume that everything is vulnerable, because it most likely is. Considering that firmwares of most of devices didnt update for over 1 year...Safety - yes, basically everything that is sent in unencrypted channel is potentially visible by foreigners. I was angry to see that not only this forum login/signup doesnt use HTTPS, but even TP-Link admin panel of router doesnt do it (all yours passwords right now might be directly visible if you're signing in from wifi to those places)Now we get claims that patch will be released in coming weeks, while all this time is every single router is vulnerable... Nice prompt response... Should have done this two months earlier!

  6. #21
    Junior Member kid is on a distinguished road
    Join Date
    Oct 2017
    Posts
    1
    Hopefully you will update the routers.

  7. #22
    " So it might be that your router does not require security updates."

    I hope that if TP-Link decides this is the case for any of its products, it gives a detailed explanation of why this is not the case.

  8. #23
    Junior Member mattp_eng is on a distinguished road
    Join Date
    Oct 2017
    Posts
    1
    Our business uses EAP245's and it was their initial value that led us to choose them but it's this response that makes us really regret not spending slightly more to go with the Ubiquiti access points. If we had Ubiquiti access points we would have been able to apply the patch yesterday and move on.

    As others have noted in some other threads here, most of us smaller business users can't risk our engineering data being vulnerable, so we simply unplugged all of our access points until TP-LINK can get their act together.

    I'd personally recommend that any business user seriously consider another OEM for any professional network based on this pathetic response.

  9. #24
    Quote Originally Posted by Artichokes View Post
    " So it might be that your router does not require security updates."

    I hope that if TP-Link decides this is the case for any of its products, it gives a detailed explanation of why this is not the case.
    That's very simple. Vanhoef, the guy who discovered the bug, is releasing scripts to test for the vulnerability. If a device is not vulnerable, there's no need to release an update.

    If you don't want to take TP-Link's word for it, you can run those tests yourself. (I'm sure a number of security vendors will come up with easy to use tools if the scripts proof complicated.)

  10. #25
    Quote Originally Posted by tplink View Post
    We will list the affected models after a confirmation and the beta releases should be available in the coming weeks.
    WEEKS (!) Come on TP-Link this isn't something you can address over the 'coming weeks' - You have to address it NOW. Even if it's to say that nothing needs doing. Your rivals seem to be releasing patches all over the place.

    Would you please also remember that customers running some of your more legacy equipment models may well be affected. It would be nice to see for instance, my Archer D9 receive an update if it is deemed necessary.
    Some of us are quite happy with these legacy goods but would definitely be more than happy to look at rival products from other vendors (that have been patched) should the necessity for new equipment arise in the near future.

  11. #26
    Quote Originally Posted by Radar View Post
    WEEKS (!) Come on TP-Link this isn't something you can address over the 'coming weeks' - You have to address it NOW. Even if it's to say that nothing needs doing. Your rivals seem to be releasing patches all over the place.

    Would you please also remember that customers running some of your more legacy equipment models may well be affected. It would be nice to see for instance, my Archer D9 receive an update if it is deemed necessary.
    Some of us are quite happy with these legacy goods but would definitely be more than happy to look at rival products from other vendors (that have been patched) should the necessity for new equipment arise in the near future.
    You are aware that Windows and Apple are already patched which means those devices have no issues even connecting to w router or access point that is not patched. Android is not patched yet and google says not until November yet 1 day after the release people are demanding TP-Link to have an update already or know when they will have one? Imagine paying for a $900 Google Pixel and being told you are insecure for the next month or deploying a fleet of Sonic Firewall devices over your corporate footprint and be told Dell has no information at this point?

    Make sure you PC and or Apple is up to date and use ONLY SSL enabled websites that your passwords are sent to. Finally, let tp-link do their job and get the router patches done.

  12. #27
    It affects the WPA and WPA2 protocols, you can tell which models are affected by reading their boxes Basically all of them. I'll gladly throw my tp link router in the trash due to their asinine response. Does anyone know of any consumer grade [wifi] routers that have patches already?

  13. #28
    is the updates will be released for all devices ?

  14. #29
    Members jgu is on a distinguished road
    Join Date
    Aug 2017
    Posts
    15
    TP-Link: you were notified of this vulnerability more than 90 days ago. During that embargo period you should have researched the issue and prepared suitable updates. What the hell have you been doing?

  15. #30
    I have been disappointed with TP-Link's response so far. This is not encouraging me to recommend them in future, despite the fact that I have had no issues with their hardware to date.

    As an aside, why is this forum not running on HTTPS!?


 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Copyright 1996-2017 TP-LINK Technologies Co., Ltd. All rights reserved.