• mrgoosmoos@lemmy.ca
    27 upvotes, 2 downvotes · 6 days ago

    wow, CNET has really gone to shit, hasn’t it?

    three popups, including a full screen, autoplaying video, and banner

    guess that’s going on my blocklist

    • Squizzy@lemmy.world
      5 upvotes · 5 days ago

      They always sucked, they used to have a list of some software that I used and downloading through them inevitably got you multiple other prompts for third party shit and random download buttons.

  • viking@infosec.pub
    16 upvotes, 2 downvotes · 6 days ago

    Totally off topic, but I was reading the article on Fennec (mobile Firefox clone) while playing music over Bluetooth to my car. I was parked waiting for someone, not driving. No streaming service, playing honest to god mp3s from my device, when out of the blue I got VPN ads over the speaker.

    Fennec indicated that cnet was playing them, but there was no video box or other audio player widget active, so it looks like they are splicing invisible audio ads in somehow?

    I’m also using ublock origin on mobile plus AdAway (rooted), so that’s not an easy feat.

    Could anyone double check? That’s the most obnoxious behavior I’ve experienced in recent time.

    • Bazoogle@lemmy.world
      3 upvotes · 6 days ago

      Are you sure there wasn’t a video at the top or bottom of the web page? What you were listening to is kind of irrelevant, since if some other media starts playing it’ll pause whatever media was playing before.

      • viking@infosec.pub
        1 upvote · 5 days ago

        Nope there wasn’t anything visible, I’ve been scrolling up and down to verify. Unless the video was somehow truncated or scaled to 1x1 px or something.

      • viking@infosec.pub
        1 upvote · 5 days ago

        I’ll do some digging in the code and see if I can come up with a custom filter for ublock.

    • MajesticTechie@feddit.uk
      2 upvotes · 5 days ago

      Using Firefox. I just had this same experience (- the car) but yeah, I couldn’t find any vid to stop. I ended up just muting the phone

      • viking@infosec.pub
        1 upvote · 5 days ago

        I used the volume controls for the website in my phone’s pulldown menu to stop it, then the music player resumed. Still very much unwanted behavior. Will dig into the page source and see if there’s anything hidden.

  • apftwb@lemmy.world
    30 upvotes, 3 downvotes · 7 days ago

    Good. TPLink makes cartoonishly insecure consumer grade equipment. A better solution is that the US establishes some minimum infosec standards for this equipment, but that would require time and thought.

    • ReluctantMuskrat@lemmy.world
      15 upvotes · 7 days ago

      Do you have any information to share about their bad security? I have a couple of their routers which seem to work quite well. Am I really at risk, and anymore than I would be with something from Linksys or Netgear?

      • apftwb@lemmy.world
        9 upvotes · 6 days ago

        Here are two new vulnerabilities from this month.

        Here are some more exploits from 2023

        Here are all the TPLink vulnerabilities known publicly

        Am I really at risk, and anymore than I would be with something from Linksys or Netgear?

        As always, depends on your threat model. I have a cheap TPLink switch in my home network because it’s cheap and kept behind a pfsense firewall. The TPLink switch is not allowed to talk to the internet. This is good enough for me as I don’t have a threat model where something attacks the switch from inside my network.

        For completeness here are Cisco’s and Netgear’s vulnerabilities. Infosec security is a journey, not a destination.

        • ReluctantMuskrat@lemmy.world
          7 upvotes · 6 days ago

          A solution to what exactly? Nobody has provided any information about definitive risks.

          And as OpenWRT goes it would either be a permanent solution or no solution at all. How would it be temporary?

          • finitebanjo@lemmy.world
            1 upvote, 1 downvote · 6 days ago

            Nowadays it wouldn’t surprise me if a secondary system was hidden on a chip on a router, meaning you could replace the main firmware and still be spied on, it’s better to have hardware you can trust top to bottom from the country you live in, but as far as what the risk cited by US officials is then it’s probably something like being used as a sleeper device that will later be included in massive botnet attacks like the AISURU botnet well documented to be made up of compromised consumer devices.

            My money would have been on Cisco rather than TP-Link, though.

            • Kay Ohtie@pawb.social
              1 upvote · 5 days ago

              It’d have to literally be a full CPU that somehow has only read access to the RAM such that it’d be a genuine feat of engineering. Either that or the whole thing is just a virtualized device, but the cooling demands for either method would exceed the threshold for passive cooling in those enclosures and require fans at that point.

              Bloomberg wrote an article several years ago that was absolutely slaughtered for making up from bad sources such a chip concept except even more unbelievable because they claimed it was hidden inside the PCB itself and only like 6 or 8 pins? Absolutely absurd for anyone who understands electrical engineering or microcontrollers at all.

      • jaxxed@lemmy.world
        4 upvotes, 3 downvotes · 7 days ago

        If you can, look for a mikrotik device, especially if you are in Europe. They are well established, not hard to use, but have extreme depth of features for advanced users, and they are not expensive.

        • ReluctantMuskrat@lemmy.world
          16 upvotes · 7 days ago

          I have one mikrotik poe AP I use and am quite happy with, but certainly not something I’d recommend for non-technical people because its firmware isn’t consumer friendly.

          However my question is really what’s the real risk in using TP-Link devices. Neither the article nor any of the comments link to any explanation of the actual risks. Is my network actually open to hackers now? Is my router able to be used for dos attacks or for other purposes now? Everyone is acting like their flaws are common knowledge and there’s zero info about genuine flaws or exploits.

  • mlg@lemmy.world
    25 upvotes, 1 downvote · 7 days ago

    TP-Link is excellent for cheap switching hardware which a ton of vendors overprice for the same quality. It’s your OG made in China deal that works pretty well for the price.

    Otherwise, you should skip it as a router and instead opt for either a better AIO, or put in the 2 minutes of extra effort to get a cheap ethernet router and a separate AP because AIOs are still overrated in 2025 for the price per quality.

    Not to mention that 5 GHz channels are getting clogged these days even on the DFS channels which people shouldn’t be using all the time. I know it’s not possible for a lot of people, but you’re really better off on even bargain basement maximum cheapo Cat-5e cables.

    Gb WiFi speeds and MuMIMO not gonna matter when you have CSMA/CA throwing a metric ton of RTS and CTS packets causing increasing amounts of retries as you add stations.

    Probably worst scenario is if you’re living in an apartment surrounded by like 50 stations within range. No amount of 802.11 magic is gonna give you a stable connection.

    • floquant@lemmy.dbzer0.com
      9 upvotes · 7 days ago

      Spot on. Also, the popularization of wifi “smart devices” that often have a buggy or just bad network stack implementation does not help

      • mlg@lemmy.world
        2 upvotes · 5 hours ago

        This actually reminded me of an actual instance of this I discovered for a family member.

        Their 2.4 GHz devices would just randomly drop connections at seemingly random times, and changing the router didn’t fix anything.

        So I fired up bettercap to take a look, and lo and behold it was a GE “smart” oven that would spam advertise its SSID with beacon frames on an interval and would block traffic because all the other devices would see a busy channel.

        The funniest thing is said family member specifically decided against using the oven wifi feature because he already knew it was not going to be useful or even reliable, but he had no idea the wifi feature was left on which was causing all the packet drops.

        Upon further investigation, we realized he actually did turn it off, but because the tap button was basically at elbow height, it was super easy to accidentally bump and flick back on.

        Conclusion is that some GE ovens double as a crappy WiFi jammer lmao.

  • BeBopALouie@lemmy.ca
    28 upvotes, 7 downvotes · 7 days ago

    TP Link is the Temu of routers. For decades they have been the “cheaper router” and it shows.

    • philpo@feddit.org
      20 upvotes, 2 downvotes · 7 days ago

      Bullshit.

      It depends on what you buy from them and always has been. Their Omada line is on par with Ubiquiti, some other gear is similar to other commercial grade gear.

      If you buy their cheap shit, yeah, it’s cheap. But they, as most manufacturers, have a broad spectrum…

      • BeBopALouie@lemmy.ca
        4 upvotes, 4 downvotes · 7 days ago

        Just reflecting comments from clients. Was a computer consultant for 45 yrs (now retired). They did not like them.

        • philpo@feddit.org
          9 upvotes · 7 days ago

          Yeah, does not reflect the actual situation.

          Currently especially their SDN capable stuff (Omada) is far better than e.g. the Ubiquiti stuff - we are relatively surprised by the build quality for the bucks you pay, tbh. (And unlike Ubiquiti they can be run stand alone and SDN).

          Not defending their China-issues btw, we absolutely recommend to all our clients that they put an OPNsense in front of it. But it does its job and has its place in small businesses. (And tbh, their Wifi gear is good enough that I have seen it in fairly large deployments)

          Sadly there’s not too much alternative for that sector atm.

  • w3dd1e@lemmy.zip
    19 upvotes, 1 downvote · 7 days ago

    Low Level Learning has a good video on TP-Link. Even if they aren’t malicious, they have refused to fix obvious exploits for decades.

  • philpo@feddit.org
    14 upvotes · 7 days ago

    Considering they recently also complained about Mikrotik I would, well, not give too much merit on that shit.

    • MSids@lemmy.world
      5 upvotes, 1 downvote · 7 days ago

      Mikrotik is the router brand that I want to love, I even looked into deploying them when I worked at a service provider. Those little things had more features than anything else, but unfortunately they had such a poor track record with vulnerabilities that they really can’t be considered.

      • philpo@feddit.org
        4 upvotes · 7 days ago

        Yeah, especially router wise I tend not to recommend them as well, but we widely use OPNsense as FWs now. Switching wise they are good and tbh, their track record got much better. (And everyone else’s got worse, looking at you, Forti)

        We tend to recommend Omada for smaller clients that would otherwise use ubiquiti (their track record is…far worse) and simply put an OPNsense in front of it. These are small healthcare establishments - the alternative is often far worse (cousin John doing the network or some antique Zyxel the local IT shithead service sold them as new) and with the OPN we can do due diligence IT security wise.

  • woelkchen@lemmy.world
    6 upvotes, 1 downvote · 6 days ago

    Do Americans not have FritzBox routers for that crap to be the most popular router?

    • finitebanjo@lemmy.world
      1 upvote, 1 downvote · 6 days ago

      FR even though I hate Republicans and this admin when I saw this headline I thought “good shit, regulate the industry.”

  • melfie@lemy.lol
    5 upvotes · 7 days ago

    I have a couple older TPLink Wi-Fi 5 routers with OpenWRT. One is used as a router running various services like DHCP, DNS, firewall, VPN, etc., and the other is just an access point. I’ll probably eventually get a rack-mounted router and some Wi-Fi 7/8 access points, but my current setup works well enough, especially since I mostly use Ethernet for anything requiring a fast connection.