Netgate Discussion Forum

    TP-Link Easy Smart Switch security question

      rajkosto @Apocalypse

      @apocalypse well you said

      It is really simple, I think it could also be done in a v2/3.
      

      so I assumed it was a no-brainer, probably just put the MAC address in both places of 0xFC000 and 0x1FC000 so it uses one of them
      if you have tried it and it doesn't work, then I shouldn't bother at all, of course

        rajkosto @rajkosto

        @rajkosto what happens if you use DHCP client on TL-SG108E btw? Which VLAN does it take the DHCP IP from?

          johnpoz LAYER 8 Global Moderator @rajkosto

          @rajkosto

          I had a few Netgear switches over the years - and have never seen such a blunder like TP-Link where you could not remove vlan 1 from ports.

          In a post on their own forums they stated it was on purpose to allow access to the web gui from every port.. Clearly showing a complete and utter lack of basic grasp of what a vlan is.. Do you have such examples of Netgear doing the same nonsense?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

            rajkosto @johnpoz

            @johnpoz that statement is a lie anyway since you can access the management IP from any VLAN, not just VLAN 1 (once you remove ports from VLAN1 on v3.0+ firmware)
            so I guess it gets DHCP from VLAN 1 always? Why is the default Port VID 1 instead of 0 anyway?

              Apocalypse @rajkosto

              @rajkosto v1 has a different chip than v2/v3.

              Anyway, v3 does allow removing ports from VLAN1. And this firmware can be flashed in v2 directly (I did so).

                rajkosto @Apocalypse

                @apocalypse what chip is the v1? I assume the v2/v3 are RTL8370M? Or is it the other way around (in your first post you said it was RTL8370N which can't be because those are unmanaged)

                  Apocalypse @rajkosto

                  @rajkosto Yes, v1 has RTL8370N which is managed. Also Netgear GSS108E. You can get more information here: https://github-com.translate.goog/libc0607/Realtek_switch_hacking/blob/master/RTL8370N-SR8808M.md?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=es&_x_tr_pto=

                  There is even a Chinese firmware, with a web interface similar to that of TP-Link but without customization.

                  v2/v3 have RTL8367C. Yes, I know it is 5 ports but it is what appears in the TP-Link firmware if you open it with a hex editor.

                  v4/v5 I do not know.

                    rajkosto @Apocalypse

                    @apocalypse this whole TP-Link situation is a mess anyway, both the firmwares available on their site are labeled 1.0.0 for some reason (even though one is clearly newer than the other, via date and build no), and they have both Easy Smart Configuration Utility and Unmanaged Pro Configuration Utility available on the website which is the exact same application just renamed...
                    I guess there's nothing else to do for my V2.0 other than to run V3.0 2017 firmware on it
                    EDIT: heh trying out the DHCP client feature and it's bugged, both my "smart switches" ended up getting the same IP from openwrt dhcp server (maybe because I chained one into the other), however the easy smart config program was able to distinguish them and change settings independently ???

                      grocerylist @johnpoz

                      @johnpoz
                      I've flashed my v2 to the v3 firmware but I'm unable to remove VLAN1 from all ports. I'm able to remove VLAN1 from all ports but port 1. If I try to remove VLAN1 from port 1 the switch goes offline (I'm unable to save the config with VLAN1 deleted from port 1) and I have to reboot to get connectivity back. My goal is to remove VLAN1 and change the default native vlan to something other than 1. Were you able to do this with the v3 firmware or do you know if this is possible?

                      I now know I should have never bought one of these switches in the first place but if there's some way to get them to work, I'd like to try rather than tossing them in the trash. If I knew what I now know, I'd have never bought these "smart switches" and would have bought another Juniper EX2200-C.

                      Thanks!

                        Apocalypse @grocerylist

                        @grocerylist Should not. The Switch is accessible from any VLAN. Access it through a different VLAN than 1 on another port and try again.

                            risemann

                            Hi guys!
                            This topic was interesting for me when I was looking for any information about the security of these cheap switches.
                            If I remember correctly, it is mentioned here that similar Netgear switches have the ability to turn off their web interface. I found an article which proposes a strange "hack" which might be left in the firmware intentionally. This "hack" allows disabling the web GUI on my TL-SG105E V5 until the next reboot. Actually not only the web GUI but also the ability to be reconfigured and to be discovered by the configuration utility.

                            Here is the command:
                            curl -d "username=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&logon=Login" -X POST http://192.168.0.1/logon.cgi

                            The length of the username does matter. It's a kind of buffer overflow, which doesn't look like a very reliable and enterprise-ready method, but it's all we have :)

                              risemann

                              Your beautiful and the most intelligent anti-spam filter does not allow me to post a link to the original article. 😽

                                johnpoz LAYER 8 Global Moderator @risemann

                                @risemann said in TP-Link Easy Smart Switch security question:

                                Your beautiful and the most intelligent anti-spam filter

                                heheh - yeah I have no idea how it figures out what links should be allowed what should not.. But it then allows clear spam all the time with links, etc.

                                If you PM the link, be happy to post it for you.

                                The article sounds interesting.. Yeah my 2 cents on those switches - say a freak away..

                                  easycompany251

                                  Got a similar situation (I think) with another switch model - Netgear GS305EP.

                                  VLAN1 is defaulted everywhere and cannot be removed from ports.

                                  Reason I stumbled upon this is that I have this switch in front of pfSense - similar to a setup in which you only have 1 NIC on a pfSense box and basically whenever I connect this switch, pfSense is unable to acquire an IP from my ISP......which makes me think that somehow this switch is trying to pull an IP using DHCP from VLAN1.

                                    johnpoz LAYER 8 Global Moderator @easycompany251

                                    @easycompany251 said in TP-Link Easy Smart Switch security question:

                                    GS305EP

                                    Hmmm - that is sad to hear, I do not have one to play with.. But not talking about deleting vlan 1 from the switch. Talking about removing it from a port when in 802.1q mode..

                                    I looked for an emulator and can not find one to play with.. I have no use for a poe model, but I might be able to get non poe model the gs308e or gs305e to play with.. hmmm

                                      easycompany251 @johnpoz

                                      @johnpoz

                                      Yeah I tried excluding it from all ports.....but the web-ui requires it for at least 1 port....

                                        stephenw10 Netgate Administrator

                                        If it's only on one port that's OK. The problem situation is when all ports are forced to always be a member of the same VLAN.

                                        Steve

                                          johnpoz LAYER 8 Global Moderator @easycompany251

                                          @easycompany251 said in TP-Link Easy Smart Switch security question:

                                          but the web-ui requires it for at least 1 port....

                                          Yeah as @stephenw10 stated leaving it on 1 port so you can get to the gui to admin, is prob a safety feature to prevent users from shooting themselves in the foot. And would be preferred to allowing all ports to be able to get to the gui.

                                            easycompany251 @stephenw10

                                            @stephenw10 @johnpoz

                                            Right so after you mentioned VLAN1 being on a single port, I went back and was actually able to make it work.

                                            Turns out I left the VLAN1 on all ports (as defaulted) and the switch does allow for it to be set to one. Never even thought about removing VLAN1 altogether except for a single port.

                                            Thanks!
