192.168.1.1 is a pain, but it’s better than ‘admin:admin’ on the Web anyhow
TP-Link, rather than recovering domains it forgot to renew, is going to abandon them.
The domains in question are tplinklogin.net and tplinkextender.net.
They offered configuration services for buyers of the company’s home routers and Wi-Fi link extenders, and are identified on stickers on some devices (not all: two TP-Link routers in the author’s house, one less than three months old, direct users to the more conventional 192.168.1.1 for configuration).
The domains got scooped up by a squatter using an anonymous registration service, and according to Amity Dan who first noticed the snafu, they’re being offered for sale at US$2.5 million each.
The reach of the snafu is, fortunately, likely to be limited, because the stickers were attached to older devices ( Computerworld reported that more modern units point to tplinkwifi.net, but didn’t check the domain to see whether it’s active; it seems not, since the domain doesn’t respond to pings or traceroute).
TP-Link forgot to buy the domain https://t.co/kggHaY7XhlExploit can be made, the domain is for sell for 2.5m$ pic.twitter.com/JH7FkHItYU
— Amitay Dan (@popshark1) July 1, 2016
The biggest risk is if the domains are swept up by malware scum to snare users who go to the sites to reconfigure devices. ®