TP-link security issues

For while now Tom talked about how he feels that TP-Link has major security issues. However, he has yet to actually make a video or present sufficient evidence to actually backup what he is saying. I would love to see a video about TP-Link with actual evidence to support the argument that they are bad at security. It would also be nice if TP-Link was given a opportunity to respond since I’m sure they would argue that they are doing just fine in terms of security.

Just to be clear, I don’t care much about TP-Link. I run OpenWRT so that I don’t have to worry about vendor security problems. The thing that bothers me is making claims without evidence.

You can actually view it yourself. Also, google around. There are still un-patched zero day’s too like CVE-2025-9377, CVE-2023-50224, and CVE-2020-24363

Check all the CVE’s and cross reference them on their site. You’ll notice there is quite a big gap.

What you said here is just silly. Also, OpenWRT wont make your TP-Link device secure because there are hardware level issues regarding port security. And no, i wont provide any links or evidence to support what i just said.

There are so many good companies out there right now, TP-Link is just off the table. I have a couple dumb switches that I use, and they will be upgrade sometime soon because they are cheap and I’m not entirely sure that even the dumb switches are secure.

Also off the table are the bevy of generic networking gear littering Amazon, I just can’t see myself trusting less than Netgear level simple switches these days.

Believe whatever you want to believe I guess

I agree for the most part. However, it is hard to beat the price of TP-LInk. The question is what is the security cost of that. I personally have a TP-link AP running OpenWRT which was fairly inexpensive although it does show since the entire thing is made of cheap plastic. The problem with OpenWRT is that it is hard for non networking and Linux people to use.

Her is a recent example of them ignoring security researcher TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering | evilsocket

Cisco Talos found lots of issues, but TP Link did respond to them

And I have pointed out in the past (but not made a video on it) that they were slow to patch issues like Log4J. They have such a wide list of products that I can not blanket say that they are all bad, but my limited experience working with Omada was that it’s a buggy slightly cheaper version of UniFi.

TP Link going from potentially being banned to becoming a CVE Numbering Authority is very suspicious and many of my security friends believe as I do, they became a CNA to control the narrative when handling their own CVE’s. They had announced TP-Link Systems Strengthens Product Security Leadership with New Appointment and Proactive Initiatives they were doing a bug bounty program, but that was a year ago and I am not seeing it on their site TP-Link - Security Advisory

If you want to run their hardware with something like OpenWRT I don’t really see an issue with that.

Maybe it’s time I make a video on this topic…

You can, but people will still buy them. No one cares about security and reliability.

With that said, I just received a noname 2.5g with POE+ dumb switch that I needed. It does have a not really vlan switch which might give it enough brains to be dangerous. I guess I need to look at it and see where it goes when I hook it up and hope they aren’t using a timer to delay any kind of check in.

And yes I bought this because it was cheap, and fanless (120 watts worth). And as soon as it arrived, things changed and I can move my lab closer and probably don’t even need it (of course).