Due to a recent hardware failure, I have been on the market for a new switch to replace my Cisco 24-port. I wanted something a bit smaller that would still allow management features such as VLANs, QoS, port monitoring, etc. With these requirements in mind, I found a good deal on a TP-Link TL-SG1016DE. This device may work okay for a regular, non-paranoid individual, but from my perspective it has some major security flaws. Here is a list of the issues I have found so far…
Quote from official TP-Link site: hmm…
First issue found: visit the management page and notice that the login page is served over plain HTTP, so the admin credentials cross the network in cleartext, as the captured login traffic below shows.
Login Page:
HTTP Protocol:
Captured Login Traffic:
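To make the cleartext point concrete, here is an added example (my own code, not anything from the original post) of what an observer on the same segment recovers from a login submitted over HTTP: a small parser that splits a raw HTTP request into headers and body and pulls out the credential-looking form fields. The capture is constructed; the path `/logon.cgi` and the field names `username`/`password` are assumptions, since the post does not show the switch's real form.

```python
# Added example (not code from the original post): what an on-path observer
# recovers from a login that is submitted over plain HTTP.
from urllib.parse import parse_qs

# Constructed sample capture. The path and the field names (username/password)
# are assumptions; the post does not show the switch's real form fields.
SAMPLE_CAPTURE = (
    b"POST /logon.cgi HTTP/1.1\r\n"
    b"Host: 192.168.0.1\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 50\r\n"
    b"\r\n"
    b"username=admin&password=Switch%5Fadmin&logon=Login"
)

# Substrings that mark a form field as a credential worth reporting.
CREDENTIAL_HINTS = ("user", "login", "pass", "pwd")


def parse_http_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request into request line, headers and body.

    Header names are lower-cased; the body is truncated to Content-Length
    when that header is present.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body[:length]}


def extract_credentials(raw: bytes) -> dict:
    """Return the credential-looking form fields of a cleartext login POST.

    Only form-encoded POST bodies are handled (the common case for embedded
    web UIs); anything else yields an empty dict. Percent-encoding is undone
    by parse_qs, so the password comes back exactly as the user typed it.
    """
    req = parse_http_request(raw)
    ctype = req["headers"].get("content-type", "")
    if req["method"] != "POST" or "x-www-form-urlencoded" not in ctype:
        return {}
    fields = parse_qs(req["body"].decode("latin-1"), keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()
            if any(hint in name.lower() for hint in CREDENTIAL_HINTS)}


if __name__ == "__main__":
    # Prints {'username': 'admin', 'password': 'Switch_admin'} for the sample.
    print(extract_credentials(SAMPLE_CAPTURE))
```

The same function applied to a real capture (for example the TCP payload of the POST Wireshark shows) gives the same result; nothing about the switch had to be broken, because the form was never protected in the first place.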
Second issue found: resetting the password only allows a 16-character password (letters and underscores only), which sharply limits the keyspace an attacker has to search.
Third issue found: an Nmap scan causes a denial of service on the switch.
To be fair, I have to include the good that I found during the assessment. I was unable to successfully execute an XSS, and there were no odd ports open outside of port 80 on the port scan.
The good found during my testing: input validation was sufficient.
Attempted a few XSS POST requests:
Results of XSS attempts:
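When judging "input validation was sufficient", the useful distinction is whether a probe comes back untouched, comes back escaped or stripped, or is not reflected at all. The following is an added example (my own code, not the post's test harness) that submits a marker wrapping the characters that matter for HTML injection and classifies the response. The three sample responses are constructed; the switch's actual error page is not reproduced here, and the URL and field name passed to `probe_form` are placeholders you supply.

```python
# Added example (not the post's own test harness): tell a reflected-XSS
# probe that came back raw from one that came back escaped or stripped.
import html
from typing import Optional
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# An unusual marker bracketing the characters that matter for HTML injection.
MARKER = "x7q9"
PROBE = f'{MARKER}<"\'>{MARKER}'


def classify_reflection(body: str, probe: str = PROBE) -> str:
    """Classify how the response reflects the probe.

    'raw'       - probe present verbatim: the specials survived, likely exploitable
    'sanitized' - marker present but the specials were escaped or stripped
    'absent'    - input not reflected in this response at all
    """
    if probe in body:
        return "raw"
    marker = probe.split("<", 1)[0]
    if marker in body:
        return "sanitized"
    return "absent"


def probe_form(url: str, field: str, extra: Optional[dict] = None,
               timeout: float = 5.0) -> str:
    """POST the probe in `field` to `url` and classify the reflection.

    Live-network helper; the constructed samples below do not use it.
    """
    data = dict(extra or {})
    data[field] = PROBE
    req = Request(url, data=urlencode(data).encode(), method="POST")
    with urlopen(req, timeout=timeout) as resp:
        return classify_reflection(resp.read().decode("utf-8", "replace"))


# Constructed responses standing in for what a device could send back.
RAW_RESPONSE = f"<html><body>Invalid user: {PROBE}</body></html>"
ESCAPED_RESPONSE = f"<html><body>Invalid user: {html.escape(PROBE)}</body></html>"
UNRELATED_RESPONSE = "<html><body>Login failed</body></html>"


if __name__ == "__main__":
    for name, body in (("raw", RAW_RESPONSE), ("escaped", ESCAPED_RESPONSE),
                       ("unrelated", UNRELATED_RESPONSE)):
        print(f"{name:>9}: {classify_reflection(body)}")
```

Only the `raw` verdict is evidence of an injection; `sanitized` is the outcome the post reports for this switch, and `absent` just means that field is not echoed on that page and you need to look at wherever the value is displayed later.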
Nmap scan of ports 1-65535:
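This added example (my own, not the post's) serves two of the points above: the Nmap denial of service, and the full 1-65535 sweep that found nothing open besides port 80. It builds a throttled Nmap invocation that is gentler on a small embedded device, and parses Nmap's grepable output to flag any open port outside an expected set. The target address, the rate values and the sample scan output are constructed or assumed; whether a given rate is low enough not to knock over this particular switch is something to verify on your own unit.

```python
# Added example (not from the post): a throttled full-port sweep and a check
# that only the expected port (TCP/80 on the page) is open.
import shutil
import subprocess

EXPECTED_OPEN = {80}  # the post found nothing open other than port 80


def gentle_nmap_args(target: str, max_rate: int = 20) -> list:
    """Argument list for a full TCP sweep throttled for a small embedded switch.

    -sT avoids needing root, -Pn skips host discovery, -T2 plus --max-rate and
    --max-retries 1 keep the packet rate low; the rate value is an assumption.
    """
    return ["nmap", "-Pn", "-sT", "-p-", "-T2", "--max-rate", str(max_rate),
            "--max-retries", "1", "-oG", "-", target]


def parse_grepable(output: str) -> dict:
    """Return {host: {port: (state, proto, service)}} from `nmap -oG` output."""
    result = {}
    for line in output.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\tIgnored State", 1)[0]
        ports = {}
        for entry in ports_field.split(","):
            # entry looks like: 80/open/tcp//http///
            parts = entry.strip().split("/")
            if len(parts) < 5:
                continue
            port, state, proto, _owner, service = parts[:5]
            ports[int(port)] = (state, proto, service)
        result[host] = ports
    return result


def unexpected_open_ports(parsed: dict, expected=EXPECTED_OPEN) -> dict:
    """Map each host to the sorted list of open ports not in `expected`."""
    return {host: sorted(p for p, (state, _, _) in ports.items()
                         if state == "open" and p not in expected)
            for host, ports in parsed.items()}


def run_scan(target: str) -> dict:
    """Run the throttled scan (requires nmap on PATH) and report surprises."""
    if shutil.which("nmap") is None:
        raise RuntimeError("nmap is not installed")
    proc = subprocess.run(gentle_nmap_args(target), capture_output=True,
                          text=True, check=True)
    return unexpected_open_ports(parse_grepable(proc.stdout))


# Constructed sample of grepable output: one host matching the post's result
# and one with an extra telnet port, to show the check firing.
SAMPLE_GREPABLE = """# Nmap scan output (constructed sample)
Host: 192.168.0.1 ()\tStatus: Up
Host: 192.168.0.1 ()\tPorts: 80/open/tcp//http///\tIgnored State: closed (65534)
Host: 192.168.0.2 ()\tPorts: 23/open/tcp//telnet///, 80/open/tcp//http///\tIgnored State: closed (65533)
# Nmap done
"""


if __name__ == "__main__":
    # Prints {'192.168.0.1': [], '192.168.0.2': [23]} for the sample.
    print(unexpected_open_ports(parse_grepable(SAMPLE_GREPABLE)))
```

If even the throttled scan makes the switch drop off the network, note the rate at which it happened; that number is the actual finding, and is also what you would use to build a rate limit or alert for scans against the management VLAN.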
In conclusion, the switch works well functionally. With that said, ensure that your network is hardened and that the TP-Link switch's management interface sits behind many layers of defense, reachable only from a trusted management segment. Stay safe in the Trenches of IT!