News U.S. Weighs Ban on Chinese-Made Router in Millions of American Homes (TP-Link)

I saw that in the news today as well. The fact that TP-Link equipment is less expensive and appears to be well supported is compelling, but I worry about products where the features are too good to be true for the price.
 
Here is a shorter article that summarizes the core security issues and the Chinese company not fixing known security flaws of the TP-Link routers.

More moral panic in the US over things "China" related at the moment... whether it's Huawei, ZTE, others - just earlier today, more sanctions against China Telecom doing business in the US - it's just a thing, and I get it.

Mixed feelings here, as there is legit concern for any consumer networking gear having security issues - the code is complex because of creeping features - e.g. let's do network VPN, filesharing, let's open up the code for third party scripts, etc...

TP-Link isn't the only one there - and we've seen more than a fair share of issues with other vendors such as Netgear, Cisco, etc...

Some of the issues are upstream in the chipset vendor SDKs, others are inside the vendor code, and of course, for more "open" devices, the third party scripts that are resistant to audits.

Again, as I say, Moral Panic - are they legit bugs, or are they intentional backdoors? If we go down that path of backdoor issues, then gear from every company is suspect...
 
If really so concerned - replace the devices for free with something Made in USA. About 65% of the market... may cost around $20B give or take, no biggie. At least cyber care will be there in place of health care. Everyone will be happy. I'm personally more concerned about the cats...
 
More moral panic in the US over things "China" related at the moment... whether it's Huawei, ZTE, others - just earlier today, more sanctions against China Telecom doing business in the US - it's just a thing, and I get it.

Mixed feelings here, as there is legit concern for any consumer networking gear having security issues - the code is complex because of creeping features - e.g. let's do network VPN, filesharing, let's open up the code for third party scripts, etc...

TP-Link isn't the only one there - and we've seen more than a fair share of issues with other vendors such as Netgear, Cisco, etc...

Some of the issues are upstream in the chipset vendor SDKs, others are inside the vendor code, and of course, for more "open" devices, the third party scripts that are resistant to audits.

Again, as I say, Moral Panic - are they legit bugs, or are they intentional backdoors? If we go down that path of backdoor issues, then gear from every company is suspect...
The legitimate concern is any vendor that is knowingly selling their products with known security issues and purposely not going to patch their products.

If the problem is baked into the chips, then the vendor should have already released a security bulletin. Examples are old Intel chips or Apple's Secure Enclave chips.

Leaving security holes is bad for the retail customers, businesses and governments that use their products, as it opens various threat vectors for hackers and governments.

If the shoe were on the other foot, what do you think China would be recommending right now?

EDIT: Fixed my grammar errors and provided better clarity.
 
I set up a TP-Link AXE75 (first gen WiFi 6E, 2022) two days ago for a neighbor, their purchase... it looked ok... has enough features standalone and the webUI is more hard-wired than with ASUS equipment... did not try its mesh. But its webUI is cloud account/ID-oriented/sticky... it wants to lead you down that rabbit hole.

The Home Shield part adds Trend Micro-like security, parental controls, and QoS; but can't be used without that TP-Link cloud account that binds your network to theirs... there is even a factory reset option to not reset/lose the TP-Link account settings... how convenient!... and the security bits you would want to use require a subscription and recurring cost... so no-go there. No DoT support. Left 6.0 WLANs disabled.

I had one setup issue with it... it would not save settings until I relaxed my recently locked down browser site permissions... not sure which ones since I was on the clock and had to get it done before their dinner.

Also noticed less frequent firmware releases.

I sent them a Google Search link to the ban news... I trust that was a bummer. :rolleyes:

OE
 
If the shoe were on the other foot, what do you think China would be recommending right now?

Who knows, probably one of their domestic brands - they have a vibrant set of OEMs that are typically not available in the NA and EMEA markets... and their own silicon that is rarely seen outside of market.

If one really wants something secure - best option at the moment is Google Nest WiFi - they have a discrete TPM chip that signs all the code, including the bootloader, and very few services exposed on the device itself - I suppose the risk there is that they are managed by Google Home app, so there is the risk of one's Google account being compromised...

(Google's Nest routers are essentially headless Chromebooks for all intents and purposes, as their BSP is Chromium OS with the SoC vendor SW limited to drivers only)
 
best option at the moment is Google Nest WiFi - they have a discrete TPM chip that signs all the code,

...🤣 track record:

CVE-2017-15031
CVE-2021-0399
CVE-2021-22555
CVE-2023-48419
CVE-2023-6339
CVE-2024-22004

Having something encrypted just means it's encrypted and never implies it can't be hacked, bent, or spindled.
 
Having something encrypted just means it's encrypted and never implies it can't be hacked, bent, or spindled.

Key thing is that Google WiFi devices have signed code, so unsigned code cannot run...

There's also good things around read-only partitions and proper accounting, e.g. not everything runs as root on a Google device.
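As an added illustration of the signed-code point made in the post above (this is example code written for this page, not Google's firmware or anything from the Nest project), the sketch below models a verified-boot style check: the device pins a vendor public key in its root of trust and only runs an image whose trailing signature verifies against that key. Ed25519 from the Go standard library stands in for whatever signature scheme the real devices use, and the seeds, payload strings and image layout (payload followed by a 64-byte signature) are all constructed here for the demonstration. Note that nothing in it is encrypted: the payload stays readable, which is the distinction the replies are circling.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Constructed 32-byte seed standing in for the OEM signing key. A real device
// holds only the public half (or its hash) in ROM or a TPM, never the seed.
var vendorSeed = bytes.Repeat([]byte{0x42}, ed25519.SeedSize)

// SignImage appends an Ed25519 signature over payload, producing the image a
// device would receive. Nothing here is encrypted: payload stays readable.
func SignImage(priv ed25519.PrivateKey, payload []byte) []byte {
	sig := ed25519.Sign(priv, payload)
	return append(append([]byte{}, payload...), sig...)
}

// VerifyImage is the boot-time check: split off the trailing signature and
// verify it against the public key pinned in the root of trust. It returns the
// payload only when the signature is valid; anything else is refused.
func VerifyImage(trusted ed25519.PublicKey, image []byte) ([]byte, bool) {
	if len(image) < ed25519.SignatureSize {
		return nil, false
	}
	split := len(image) - ed25519.SignatureSize
	payload, sig := image[:split], image[split:]
	if !ed25519.Verify(trusted, payload, sig) {
		return nil, false
	}
	return payload, true
}

// Tamper flips one bit of the payload, as an attacker patching a backdoor into
// an otherwise valid image would.
func Tamper(image []byte) []byte {
	t := append([]byte{}, image...)
	t[0] ^= 0x01
	return t
}

func main() {
	priv := ed25519.NewKeyFromSeed(vendorSeed)
	pub := priv.Public().(ed25519.PublicKey)
	image := SignImage(priv, []byte("constructed firmware payload"))

	_, ok := VerifyImage(pub, image)
	fmt.Println("vendor-signed image accepted:", ok)
	_, ok = VerifyImage(pub, Tamper(image))
	fmt.Println("one-bit patched image accepted:", ok)

	// Code signed with some other key is just as unrunnable as unsigned code:
	// the device trusts exactly one pinned public key.
	attacker := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x99}, ed25519.SeedSize))
	_, ok = VerifyImage(pub, SignImage(attacker, []byte("attacker payload")))
	fmt.Println("attacker-signed image accepted:", ok)
}
```

The check only decides whether code runs; it says nothing about whether the vendor-signed code itself has bugs, which is why a signed-code device can still accumulate CVEs like the ones listed above. Confidentiality would be a separate layer on top.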
 
Key thing is that Google WiFi devices have signed code, so unsigned code cannot run...
Nice. It will pair with my gateway server that I use as my main router. Because IPFire, the OS it runs, has been built like that since its conception. So it's immune to scripts and rootkits.
 
Nice. It will pair with my gateway server that I use as my main router. Because IPFire, the OS it runs, has been built like that since its conception. So it's immune to scripts and rootkits.

Just note that Google Nest WiFi won't mesh if the primary router is in AP mode, it will only do mesh if it is the primary gateway - that, along with very little control over WiFi suggests that it's not likely useful in your use case.
 
Just note that Google Nest WiFi won't mesh if the primary router is in AP mode, it will only do mesh if it is the primary gateway - that, along with very little control over WiFi suggests that it's not likely useful in your use case.
There is a specific way you do it. You turn off the WAN and DHCP, link the nodes, then plug the 1st one into the network by a LAN port. If you want wired backhaul you plug a cable into the LAN and it switches over in a couple of minutes. The WAN and DHCP just have to be disabled on all devices for this to work. This is actually baked in the binary everyone used when they compiled it for their router OS.
 
You can't turn off WAN and DHCP on Nest Wifi and with no WAN connected the router and mesh points will indicate no Internet connection. This is a little different than "turn any router in AP" general idea. You can use single unit in AP mode though, if enough.
 
You can't turn off WAN and DHCP on Nest Wifi and with no WAN connected the router and mesh points will indicate no Internet connection. This is a little different than "turn any router in AP" general idea. You can use single unit in AP mode though, if enough.
Obviously you guys don't know about this, WAN off DHCP off, LAN connected to a DHCP network. To switch nodes to wired backhaul, they just plug into the LAN port and it auto configures in about a minute.
 
Obviously... 🤨
 
The only other thing is you use a static connection for the mesh nodes' addresses on the LAN network you connect them to by the LAN port.
 
You can't turn off WAN and DHCP on Nest Wifi and with no WAN connected the router and mesh points will indicate no Internet connection. This is a little different than "turn any router in AP" general idea. You can use single unit in AP mode though, if enough.

Exactly - the Nest WiFi points are very simplistic from a UI perspective - one can use a single Nest Router in AP mode, but this negates the mesh abilities...
 
Exactly - the Nest WiFi points are very simplistic from a UI perspective - one can use a single Nest Router in AP mode, but this negates the mesh abilities...
I'm just telling you what has to happen to set it up with a network. Since there are so many conditions that have to be met first, it's been a small puzzle to write the UI part without it being a setup wizard based dialog.
 
I'm just telling you what has to happen to set it up with a network. Since there are so many conditions that have to be met first, it's been a small puzzle to write the UI part without it being a setup wizard based dialog.

That's the other thing with Nest - there is no local user interface - there is a web server running on the LAN side, but go there via a browser and it directs you to use the Google Home App.

As I've mentioned - these are not normal APs and routers - it's a completely different breed of device - they're secure for the most part, and easy to set up, but not a lot of flexibility - might be good to send over to grandparents or parents, as they are handy enough to admin remotely from a handset.
 