Due to a recent hardware failure, I have been on the market for a new switch to replace my CISCO 24 port. I wanted something a bit smaller that would still allow management features such as VLAN, QoS, port monitoring, etc. With these requirements in mind, I found a good deal on a TP-Link TL-SG1016DE. This device may work okay for some regular non-paranoid individual, but from my perspective this device has some major security flaws. Here is a list of issues I have found so far…

Quote from official TP-Link site: hmm…

First issue found: Visit management page and notice it’s using HTTP!!??!? on the login page.

Login Page:

HTTP Protocol:

Captured Login Traffic:

Second issue found: Resetting password only allows a 16-character password (only letters and underlines)

Third issue found: NMAP causes denial of service

To be fair, I have to include the good that I found during the assessment. I was unable to successfully execute an XSS and there were no odd ports open outside of port 80 on the port scan.

The good found during my testing: input validation was sufficient.

Attempted a few XSS POST requests:

Results of XSS attempts:

NMAP of ports 1-65535:

In conclusion, the switch works well functionally.  With that said, ensure that your network is hardened and the TP-Link switch is behind many layers of defense.  Stay safe in the Trenches of IT!
