Netgate Discussion Forum

TP-Link Easy Smart Switch security question

  • J
    johnpoz LAYER 8 Global Moderator @MattTheTechLV
    last edited by Jun 12, 2021, 1:17 AM

    Thanks for the info dude.. I have been known to throw out some books of posts myself.. So yours is really short to be honest ;)

    Looking forward to hearing how it turns out.. Good luck with the project.

    An intelligent man is sometimes forced to be drunk to spend time with his fools
    If you get confused: Listen to the Music Play
    Please don't Chat/PM me for help, unless mod related
    SG-4860 24.11 | Lab VMs 2.7.2, 24.11

    • T
      thiasaef @MattTheTechLV
      last edited by Jun 12, 2021, 9:15 AM

      @mattthetechlv said in TP-Link Easy Smart Switch security question:

      I hooked it up and played with it for a bit and confirmed that when you remove VLAN 1 from a Port, you can no longer access the Management

      You can access the management from any VLAN, which is why I returned both my V5 and V6.

      • M
        MattTheTechLV @thiasaef
        last edited by Jun 12, 2021, 9:24 AM

        @thiasaef Right, this is true with the Stock Firmware. I am doing what @Apocalypse did above and Flashing my V1 With Netgear's GSS108E's Firmware (The Netgear switch runs the same exact Hardware under the hood as the V1). What you quoted me saying above was in relation to me checking the Netgear GSS108E at a client's earlier today and confirming that it does not in fact suffer from the same problem that the TP-Link TL-SG108E does. This means if @Apocalypse is correct (and considering his detailed write-up above I am inclined to believe him) and I can easily flash the Netgear GSS108E Firmware onto the TL-SG108E, then it's likely this firmware will take care of that stupid VLAN Bug. Will let you guys know how it works for me tomorrow.

        Also, appreciate the kind words @johnpoz !

        • R
          rajkosto @MattTheTechLV
          last edited by rajkosto Jul 9, 2021, 10:43 AM Jul 9, 2021, 10:20 AM

          i have two V2.0s, is there any reason to reflash them to the GSS108E firmware as the above poster has accomplished? some people say that the GSS108E doesn't even have a webgui, you have to use their tool??? i don't care that the management interface is accessible via any VLAN really, but the webgui does seem weird on these

          • J
            johnpoz LAYER 8 Global Moderator @rajkosto
            last edited by johnpoz Jul 9, 2021, 11:55 AM Jul 9, 2021, 11:54 AM

            @rajkosto said in TP-Link Easy Smart Switch security question:

            i don't care that the management interface is accessible

            That is not the issue... The issue is if all ports are still in vlan 1, you don't have an actual vlan capable switch..

            I have a v2 switch.. And I was able to use the v3 firmware, now the device thinks it is v3 hardware ;)

            https://forum.netgate.com/post/987193

            And v2 has a web gui, and after flash to v3 firmware they released - you can remove vlan 1 via the gui.

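The VLAN 1 point made in the post above can be checked against a switch's 802.1Q membership table. The following is an added example, not part of the original thread and not vendor code; the table layout, the names `STOCK`, `FIXED`, `PVID` and all sample values are constructed for illustration.

```python
# Added illustration: audit an 802.1Q membership table for leftover VLAN 1
# membership. The dict layout and sample values are constructed assumptions,
# not a TP-Link or Netgear export format.

def members(table, vid):
    """All ports (tagged or untagged) that belong to VLAN `vid`."""
    entry = table.get(vid, {})
    return set(entry.get("untagged", ())) | set(entry.get("tagged", ()))

def vlan1_leftovers(table, pvid):
    """Ports whose PVID is another VLAN but which are still members of VLAN 1."""
    return sorted(p for p in members(table, 1) if pvid.get(p, 1) != 1)

def shared_vlans(table, port_a, port_b):
    """VLANs in which both ports are members, i.e. shared broadcast domains."""
    return sorted(v for v in table if {port_a, port_b} <= members(table, v))

# Constructed sample: port 1 is the trunk, ports 2-3 are access ports for
# VLAN 10, ports 4-5 for VLAN 20, ports 6-8 stay in the default VLAN.
PVID = {1: 1, 2: 10, 3: 10, 4: 20, 5: 20, 6: 1, 7: 1, 8: 1}

# Behaviour described in the thread: VLAN 1 cannot be removed from any port.
STOCK = {
    1:  {"untagged": {1, 2, 3, 4, 5, 6, 7, 8}, "tagged": set()},
    10: {"untagged": {2, 3}, "tagged": {1}},
    20: {"untagged": {4, 5}, "tagged": {1}},
}

# Same layout once VLAN 1 can be removed from the access ports.
FIXED = {
    1:  {"untagged": {1, 6, 7, 8}, "tagged": set()},
    10: {"untagged": {2, 3}, "tagged": {1}},
    20: {"untagged": {4, 5}, "tagged": {1}},
}

if __name__ == "__main__":
    for name, table in (("stock", STOCK), ("fixed", FIXED)):
        print(name, "leftover VLAN 1 ports:", vlan1_leftovers(table, PVID))
        print(name, "VLANs shared by ports 2 and 4:", shared_vlans(table, 2, 4))
```

The check only covers the membership table; it says nothing about whether the management interface answers from other VLANs, which the thread reports separately.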
            • R
              rajkosto @johnpoz
              last edited by rajkosto Jul 9, 2021, 1:57 PM Jul 9, 2021, 1:54 PM

              @johnpoz i was talking about switching them from TP-Link to Netgear GSS108E firmware (which would require me to open them up and break out the soldering iron), they're already upgraded to v3.0 ;)

              • J
                johnpoz LAYER 8 Global Moderator @rajkosto
                last edited by Jul 9, 2021, 3:56 PM

                Ah.. Use of the other makers firmware.. My bad. Misread that.

                But if you have a tplink one, v2 you can just use the fix they released for v3 hardware to be able to remove the vlan 1 from ports it shouldn't be on.

                This is a much "easier" fix ;) Or just trash the thing, or just use it as dumb and get a better vlan capable switch.. Where the makers are not completely clueless to how vlans are supposed to work ;)

                • R
                  rajkosto @johnpoz
                  last edited by johnpoz Jul 9, 2021, 7:33 PM Jul 9, 2021, 5:44 PM

                  @johnpoz well supposedly netgear is such a maker thus why using their firmware would be a good idea ?

                  • A
                    Apocalypse @rajkosto
                    last edited by Jul 9, 2021, 5:55 PM

                    @rajkosto Netgear's firmware can only be flashed to TL-SG108E v1.0.

                    v1.0 does not allow modifying or removing VLAN 1, and it also does not have a web interface, while Netgear's does.

                    Advantages over TP-Link firmware:

                    • Web configuration interface on the TL-SG108E v1
                    • You can modify VLAN1, leave it without any port and even delete it.
                    • You can disable the configuration access with the Netgear ProSAFE Plus Utility tool, which will prevent the Switch from being discovered by broadcast packets.
                    • R
                      rajkosto @Apocalypse
                      last edited by Jul 9, 2021, 5:58 PM

                      @apocalypse well you said

                      It is really simple, I think it could also be done in a v2/3.
                      

                      so i assumed it was a no brainer, probably just put the mac address in both places of 0xFC000 and 0x1FC000 so it uses one of them
                      if you have tried it and it doesn't work, then i shouldn't bother at all, of course

                      • R
                        rajkosto @rajkosto
                        last edited by Jul 9, 2021, 6:25 PM

                        @rajkosto what happens if you use DHCP client on TL-SG108E btw ? which VLAN does it take the dhcp IP from ?

                        • J
                          johnpoz LAYER 8 Global Moderator @rajkosto
                          last edited by Jul 9, 2021, 7:33 PM

                          @rajkosto

                          I had a few netgear switches over the years - and have never seen such a blunder like tplink where you could not remove vlan 1 from ports.

                          In a post on their own forums they stated it was on purpose to allow access to the web gui from every port.. Clearly showing a complete and utter lack of basic grasp of what a vlan is.. Do you have such examples of netgear doing the same nonsense?

                          • R
                            rajkosto @johnpoz
                            last edited by Jul 9, 2021, 7:35 PM

                            @johnpoz that statement is a lie anyway since you can access the management IP from any VLAN, not just VLAN 1 (once you remove ports from VLAN1 on v3.0+ firmware)
                            so i guess it gets DHCP from VLAN 1 always ? why is the default Port VID 1 instead of 0 anyway ?

                            • A
                              Apocalypse @rajkosto
                              last edited by Apocalypse Jan 12, 2023, 8:13 AM Jul 9, 2021, 7:39 PM

                              @rajkosto v1 has different chip than v2/v3.

                              Anyway v3 does allow to remove ports from VLAN1. And this firmware can be flashed in v2 directly (I did so).

                              • R
                                rajkosto @Apocalypse
                                last edited by Jul 9, 2021, 7:39 PM

                                @apocalypse what chip is the v1? i assume the v2/v3 are RTL8370M? or is it the other way around (in your first post you said it was RTL8370N which can't be because those are unmanaged)

                                • A
                                  Apocalypse @rajkosto
                                  last edited by Apocalypse Jul 9, 2021, 7:57 PM Jul 9, 2021, 7:54 PM

                                  @rajkosto Yes, v1 has RTL8370N which is managed. Also Netgear GSS108E. You can get more information here: https://github-com.translate.goog/libc0607/Realtek_switch_hacking/blob/master/RTL8370N-SR8808M.md?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=es&_x_tr_pto=

                                  There is even a Chinese firmware, with a web interface similar to that of TP-Link but without customization.

                                  v2/v3 have RTL8367C. Yes, I know it is 5 ports but it is what appears in the TP-Link firmware if you open it with a hex editor.

                                  v4/v5 I do not know.

                                  • R
                                    rajkosto @Apocalypse
                                    last edited by rajkosto Jul 9, 2021, 8:23 PM Jul 9, 2021, 8:08 PM

                                    @apocalypse this whole TP-Link situation is a mess anyway, both the firmwares available on their site are labeled 1.0.0 for some reason (even though one is clearly newer than the other, via date and build no), and they have both Easy Smart Configuration Utility and Unmanaged Pro Configuration Utility available on the website which is the exact same application just renamed...
                                    i guess there's nothing else to do for my V2.0 other than to run V3.0 2017 firmware on it
                                    EDIT: heh trying out the DHCP client feature and it's bugged, both my "smart switches" ended up getting the same IP from openwrt dhcp server (maybe because i chained one into the other), however the easy smart config program was able to distinguish them and change settings independently ???

                                    • G
                                      grocerylist @johnpoz
                                      last edited by Jul 24, 2021, 8:48 PM

                                      @johnpoz
                                      I've flashed my v2 to the v3 firmware but I'm unable to remove VLAN1 from all ports. I'm able to remove VLAN1 from all ports but port 1. If I try to remove VLAN1 from port 1 the switch goes offline (I'm unable to save the config with VLAN1 deleted from port 1) and I have to reboot to get connectivity back. My goal is to remove VLAN1 and change the default native vlan to something other than 1. Were you able to do this with the v3 firmware or do you know if this is possible?

                                      I now know I should have never bought one of these switches in the first place but if there's some way to get them to work, I'd like to try rather than tossing them in the trash. If I knew what I now know, I'd have never bought these "smart switches" and would have bought another Juniper EX2200-C.

                                      Thanks!

                                      • A
                                        Apocalypse @grocerylist
                                        last edited by Jul 24, 2021, 8:54 PM

                                        @grocerylist Should not. The Switch is accessible from any VLAN. Access it through a different VLAN than 1 on another port and try again.
