Hi Everyone,
In light of all the news around the TP-Link routers being hacked… (Yes, I know I’m late to the game with this.)
What are the thoughts behind using TP-Link’s Access Points? Specifically, I have an EAP610 unit. Are these affected as well? (My assumption is that since it lives behind my router/firewall, it will not suffer the same issue as the routers.)
Basically, I’m asking if I should take it down and replace it, or can I safely continue to use it?
Thanks.
The majority of vulnerabilities assume the stock TP-Link programming is exposed to the internet. I have a few TP-Link routers acting as dumb APs via OpenWRT and practically none of the famous TP-Link vulns apply to me. OpenWRT even fixes WPA2 KRACK, which my APs are vulnerable to if not flashed. Impressive.
Thanks for the reply.
Sounds like the prudent thing to do is to replace the factory firmware with OpenWRT, which I believe exists for the EAP610.
Flashing OpenWRT will likely solve most vulnerabilities, but possibly not all of them. Some are hardware-level or microcode related. You’d have to go down that rabbit hole of CVEs specific to your revision of your model to determine exactly how much your risk is being reduced by OpenWRT.
It also depends on the personal question: how secure is “good enough” for you to tolerate?
I understand the only secure hardware is one that is not plugged in. 
I just didn’t know if the TP-Link Wireless APs were as much of a problem as their Routers.
I would just replace it with something from MikroTik. MikroTik would be my go-to for cheap networking stuff.
Hi!
Unfortunately, the issue is that some security researchers are worried that the security vulnerabilities might be attributed to malice rather than incompetence, such as some routers periodically phoning “home”. There is also the balance of trade issue where politics gets involved.
OpenWRT is a good option if available, but the performance might vary as it might not include some driver or firmware due to its proprietary nature. Also, it isn’t automatically secure as there are bugs in it as well.
Personally, I am okay with governmental/law enforcement oversight as long as it is done in a secure and legal manner with the proper safeguards.