Netgate Discussion Forum

    TP-Link Easy Smart Switch security question

Hardware
185 Posts 44 Posters 88.8k Views
• johnpoz LAYER 8 Global Moderator

      It is there via https - just BAD

      The certificate is only valid for the following names: *.akamaized.net, *.akamaihd-staging.net, *.akamaized-staging.net, *.akamaihd.net, a248.e.akamai.net

      Agree yet another example of not really getting it ;)

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

• VAMike

        @johnpoz:

        It is there via https - just BAD

        The certificate is only valid for the following names: *.akamaized.net, *.akamaihd-staging.net, *.akamaized-staging.net, *.akamaihd.net, a248.e.akamai.net

        Agree yet another example of not really getting it ;)

        Those are always there when a site is hosted on akamai but not using https.

• warheat1990

TP-Link released beta firmware in July 2017 for both the SG105E and SG108E; anyone care to try?

          Link:
          http://static.tp-link.com/TL-SG105E(UN)_V3_170717_Beta.rar
          http://static.tp-link.com/TL-SG108E(UN)_V3_170717_Beta.rar

• johnpoz LAYER 8 Global Moderator

Did they release for v2?


• stephenw10 Netgate Administrator

              Mmm, did they release for anything else? Is there an announcement anywhere?

              Steve

• johnpoz LAYER 8 Global Moderator

Not that I could find. Typical, it seems, for this company.


• thuety

                  So my sg108e is directly connected to my cable modem with untagged VLAN x and PVID x.
                  How worried should I be about the VLAN 1 membership?
                  Wouldn't an attacker need to be in my cable/wan subnet?

• Derelict LAYER 8 Netgate

                    I would not use that switch on WAN. It's a sketchy enough proposition with a good switch with a proper management VLAN.

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

• belt9

Security-wise, for a switch on WAN, how about a RADIUS server?

                      Doesn't pfSense even have a package for that?

                      Never used it before so might not work at all?

• Derelict LAYER 8 Netgate

                        What?


• lexxai

I will add something about the security of these devices…
TL-SG1016DE: security issue, values can be changed without any authentication.
This is from testing of my device… VLAN1 is a problem.
Now the SG1016DE is used only internally.

                          –
                          We have what we have. Everything that happens - for the better.

• tpham3783

                            Hi guys,

Since TP-Link refused to give me the source code, I decided to take on this issue myself.

Here is how you can hack it (un-member ports on vlan1). I have already tested it on the SG108PE (hw version 3) switch and it worked.

1.  Set up your vlan configuration as usual.
2.  Save the config (config.cfg).
3.  Open it up with a hex editor. Right after the text "Default_VLAN" you will see FF (that basically means all 8 ports are members of untagged vlan1). Change it to 00 if you want to un-member all ports from vlan1. As shown in the attached picture, I changed it to 80 because I still wanted port 8 to be a member of vlan1 so that I can manage the switch from the web GUI.
4.  Save the file, then restore the modified config in system:system_tools:restore_config.
5.  Wait for the switch to reboot, go to the vlan config, and notice that the ports belonging to vlan1 have changed.

                            Cheers!  I still hope for tp-link to fix this VLAN1 bug one day!  This is just a work-around.

tp_vlan1_disable_all_ports.png
tp_link_unmember_vlan1_hack.png

• JKnott

                              I'll have to give that a try with my 5 port switch.  I don't suppose you'd have a fix for their TL-WA901N access point.  ;)
                              It has the same problem where data from the native LAN leaks into the VLAN & 2nd SSID.

                              I think those TP Link engineers need a lesson or 2 on VLANs.

                              PfSense running on Qotom mini PC
                              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                              UniFi AC-Lite access point

                              I haven't lost my mind. It's around here...somewhere...

• JKnott

                                That fix doesn't seem to apply to the TL-SG105E switch.


• tpham3783

                                  @JKnott:

                                  That fix doesn't seem to apply to the TL-SG105E switch.

                                  Were you able to see the port assignment changed in step# 5?

By the way, I saw VLAN isolation with the work-around solution. The only thing I saw that was strange was that the switch's IP address is a member of all vlans. If I were to change my PC's IP address to the same subnet as the switch, I could communicate with it on a non-native vlan, which is kinda weird.

                                  However, the switch is no longer behaving like a dumb switch because ports are removed from vlan1.

• johnpoz LAYER 8 Global Moderator

I will give this a try on the 105E v2 tonight when I get home. Great info, thanks.


• lexxai

Some analysis information about applying this method to the TL-SG1016DE (HW:2)

vlan: 777, port: 5 tagged, name: TESTVVV
777 = 0x0309 (0x09 0x03)
5 = 0x10 (0001 0000), bit 5.

vlan: 777, port: 5 untagged, name: TESTVVV
777 = 0x0309 (0x09 0x03)
5 = 0x10 (0001 0000), bit 5.

                                      source: http://lexxai.pp.ua


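Added example, not code from this thread and not from TP-Link: a small Python script that encodes the byte layout described in tpham3783's step 3 and lexxai's analysis above, so the membership byte after "Default_VLAN" and the ID/port bytes of a VLAN record can be decoded and rewritten by a script instead of by hand in a hex editor, and so a saved config.cfg can be audited for which ports are still untagged members of VLAN 1. The marker-followed-by-one-byte layout, the port-1-is-the-least-significant-bit order (0xFF = all eight ports, 0x80 = port 8 only, 0x10 = port 5) and the little-endian VLAN ID (777 = 0x09 0x03) are taken from those two posts; the position of the port-mask byte directly after the VLAN ID inside a user VLAN record, the function names and the sample bytes are assumptions constructed for this example. It refuses to patch anything when the marker is absent, which is what JKnott reported seeing on the SG105E.

```python
"""Decode and rewrite the VLAN port-membership bytes described in the thread.

Assumed layout (this is an added example, not TP-Link's format documentation):
- the ASCII marker b"Default_VLAN" is immediately followed by one byte whose bits
  give untagged VLAN 1 membership, port 1 = least significant bit;
- a user VLAN record begins with a 2-byte little-endian VLAN ID followed by a
  1-byte port bitmask; whatever follows that is not modelled here.
"""
from typing import Iterable, List, Tuple

MARKER = b"Default_VLAN"
NUM_PORTS = 8  # SG108E-class device; a 16-port model would need a wider mask


def ports_from_mask(mask: int, num_ports: int = NUM_PORTS) -> List[int]:
    """Bit n-1 set means port n is a member (port 1 is the LSB)."""
    return [n for n in range(1, num_ports + 1) if mask & (1 << (n - 1))]


def mask_from_ports(ports: Iterable[int], num_ports: int = NUM_PORTS) -> int:
    """Inverse of ports_from_mask; rejects port numbers outside 1..num_ports."""
    mask = 0
    for p in ports:
        if not 1 <= p <= num_ports:
            raise ValueError(f"port {p} outside 1..{num_ports}")
        mask |= 1 << (p - 1)
    return mask


def _membership_offset(cfg: bytes) -> int:
    """Offset of the VLAN 1 membership byte, or an error if the marker is absent."""
    idx = cfg.find(MARKER)
    if idx < 0:
        # Fail loudly rather than patch an arbitrary byte on a model whose
        # config layout differs (the SG105E case mentioned in the thread).
        raise ValueError("Default_VLAN marker not found; layout differs on this model/firmware")
    return idx + len(MARKER)


def default_vlan_members(cfg: bytes) -> List[int]:
    """Ports that are untagged members of VLAN 1 according to the marker byte."""
    return ports_from_mask(cfg[_membership_offset(cfg)])


def set_default_vlan_members(cfg: bytes, ports: Iterable[int]) -> bytes:
    """Return a copy of cfg with VLAN 1 membership limited to `ports` (may be empty)."""
    off = _membership_offset(cfg)
    return cfg[:off] + bytes([mask_from_ports(ports)]) + cfg[off + 1:]


def decode_vlan_entry(entry: bytes) -> Tuple[int, List[int]]:
    """Parse the first three bytes of a VLAN record: LE16 VLAN ID, then port mask."""
    if len(entry) < 3:
        raise ValueError("VLAN record too short")
    vid = int.from_bytes(entry[:2], "little")
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID {vid} is outside the valid 802.1Q range")
    return vid, ports_from_mask(entry[2])


def encode_vlan_entry(vid: int, ports: Iterable[int]) -> bytes:
    """Build the LE16 VLAN ID + port-mask prefix of a VLAN record."""
    if not 1 <= vid <= 4094:
        raise ValueError(f"VLAN ID {vid} is outside the valid 802.1Q range")
    return vid.to_bytes(2, "little") + bytes([mask_from_ports(ports)])


# Constructed sample config fragment (not a real config.cfg dump): marker byte 0xFF
# puts all eight ports in VLAN 1; then a VLAN 777 record with port 5 and its name.
SAMPLE_CFG = (b"\x00\x01" + MARKER + b"\xff" + b"\x00"
              + encode_vlan_entry(777, [5]) + b"TESTVVV\x00")

if __name__ == "__main__":
    print("VLAN 1 members before:", default_vlan_members(SAMPLE_CFG))
    hardened = set_default_vlan_members(SAMPLE_CFG, [8])  # keep only port 8, as in step 3
    print("VLAN 1 members after: ", default_vlan_members(hardened))
    pos = SAMPLE_CFG.find(encode_vlan_entry(777, [5]))
    print("VLAN record:", decode_vlan_entry(SAMPLE_CFG[pos:pos + 3]))
```

Run it against your own saved config.cfg by reading the file as bytes, and compare default_vlan_members() before and after a restore to confirm the switch actually honoured the change; a pre-patch backup of the original file is the only undo path.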
• thuety

                                        @tpham3783:

                                        Here is how you can hack ( un-member ports on vlan1).  I have already tested on the SG108PE (hw version 3) switch and it worked.

                                        Worked on my TL-SG108E 2.0, thanks!
                                        Why didn't I think of this…  ::)

sg108e_vlan1_hack.PNG

• JKnott

                                          Were you able to see the port assignment changed in step# 5?

                                          No, there was very little recognizable text in the hex editor.  I did not see the word "Default", as shown in lexxai's post.

                                          The only thing I saw strange was that the switch's IP address is a member of all vlans.  If I were to change my PC's IP address to the same subnet of the switch, I could communicate to it on non-native vlan, which is kinda weird.

                                          On managed switches I've worked on, there was a specific management interface, which was assigned an IP address.  I've also set up networks where the management interface was on a separate VLAN.


• thuety

                                            @JKnott:

                                            The only thing I saw strange was that the switch's IP address is a member of all vlans.  If I were to change my PC's IP address to the same subnet of the switch, I could communicate to it on non-native vlan, which is kinda weird.

                                            On managed switches I've worked on, there was a specific management interface, which was assigned an IP address.  I've also set up networks where the management interface was on a separate VLAN.

Even after setting the VLAN 1 membership to port 8 only… I can still connect a client to any switch port, set its IP to the same subnet and then access the switch web login.
So VLAN 1 has no relevance for web admin access... I guess we can kill all VLAN 1 membership with the HEX hack!?

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.