Solution for TP-LINK Archer C1200v1

Welcome again, dear readers. Today lets discuss about the latest router supplied by our internet service provider. UniFi. For those who recently subscribe to UniFi will get 3 standard items, a residential gateway (router), a broadband termination unit (BTU), a set up hypptv box and a dect phone. Lets focus on the main agenda here, most of the users in Malaysia gets Archer C1200 from UniFi as well as TIME as their stock router. However, not all free things comes without a problem. Such case recently happen to the D-Link company where according to a researcher called, Pierre, found that, the stock router supplied by TM and TIME (100Mbps and 300Mbps) which is D-Link 850L come with alot of vulnerabilities. The summary of the vulnerabilities found in the router is:

  1. Firmware “protection”
  2. WAN && LAN – revA – XSS – CVE-2017-14413, CVE-2017-14414, CVE-2017-14415, CVE-2017-14416
  3. WAN && LAN – revB – Retrieving admin password, gaining full access using the custom mydlink Cloud protocol – CVE-2017-14417, CVE-2017-14418
  4. WAN – revA and revB – Weak Cloud protocol – CVE-2017-14419, CVE-2017-14420
  5. LAN – revB – Backdoor access – CVE-2017-14421
  6. WAN && LAN – revA and revB – Stunnel private keys – CVE-2017-14422
  7. WAN && LAN – revA – Nonce bruteforcing for DNS configuration – CVE-2017-14423
  8. Local – revA and revB – Weak files permission and credentials stored in cleartext – CVE-2017-14424, CVE-2017-14425, CVE-2017-14426, CVE-2017-14427, CVE-2017-14428
  9. WAN – revB – Pre-Auth RCEs as root (L2) – CVE-2017-14429
  10. LAN – revA and revB – DoS against some daemons – CVE-2017-14430

 

Let’s focus on the agenda here, the TP-Link C1200 is a good router with an awesome specs. Most users will receive Archer C1200 v1 from TM as well as TIME. Below is the spec of the router in general:

Router TP-LINK Archer C1200 v1.0 (EU/US)
Availability now
Manu/OEM/ODM Proware
FCC Approval Date 31 August 2016
Country of Manufacture China
Type wireless router
FCC ID TE7C1200
Industry Canada ID 8853A-C1200
Power 12 VDC, 1 A
Connecter type barrel
CPU1 Broadcom BCM47189B0 (900 MHz)
FLA1 16 MiB (Winbond W25Q128FVSG)
RAM1 128 MiB (Samsung K4B1G1646G-BCH9)
Expansion Ifs USB 2.0
USB Ports 1
Serial yes, 4-pad header
WI1 chip1: Broadcom Broadcom BCM47189B0
WI1 802dot11 protocols an+ac
WI1 MIMO config 2×2:2
WI1 antenna connector U.FL
WI2 chip1 Broadcom BCM43217T
WI2 802dot11 protocols bgn
WI2 MIMO config 2×2:2
WI2 antenna connector U.FL
ETH chip1 BCM47189B0
Switch Broadcom BCM53125S
LAN speed 10/100/1000
LAN ports 4
WAN speed 10/100/1000
WAN ports 1

Table 1: The specification of the TP-Link C1200 v1 by wikidevi.com

Why I am focusing on the topic? Is it very important? What can I get from this?. Well, let me explain in very detail.

The router supplied by the TM in general has firmware bugs that cause the router to have random reboot issue. Most of the users complaining that the total time taken for the router to be up is around 5 minutes. Not only that, there is a report saying that the router hangs during torrenting, downloading heavy files and streaming probably due to the memory leak (high cpu load). For the “lucky” users, the router reboot twice or thrice in a day. To overcome this issue, for the people who wish to use their stock router to the max before moving to buy a new router, for those who wish to save some bucks, for those who don’t have the budget to buy a new router, well, here what you can do.

Disclaimer, if you accidentally bricked your router, I shall not be responsible for the incident. Do at your own risk. 

First of all, in order to flash the router, make sure you flash the router over a wired connection (LAN cable). Flashing the router over wireless not recommended. Plug your LAN cable to LAN port 2 on the router because by flashing to EU Australia firmware, LAN 1 reserved for the IPTV.

  • Go to TP-LINK Australia website

Click to enlarge the image

  • Next, download the Archer C1200(EU)_V1_170616 firmware. Unzip the file using tools such as 7-zip (recommended by me) or Winrar.
  • Next, log in to your router by entering the default ip address of the router, 192.168.0.1 or tplinkwifi.net.
3
Browse to Advance -> System Tools -> Firmware Upgrade
  • Once you reach to the desired destination, click on the Browse button to upload the firmware from the download folder (make sure you know where you save the file). Once uploaded the file, click on the Upgrade button. The upgrading process will take some time. The router then will be restarted to complete the upgrade process.
  • Once the flashing (upgrading) process completed, don’t be panic if you’re greeted with the new web admin interface of your router. If you’re not greeted with a web admin interface, just enter the default IP address of your router, 192.168.0.1.
  • Once you greeted with the web admin interface, enter your new password (highly recommended) to secure your router even more. You can change the router’s default IP address with custom for more security. But most people will use the standard IP address of the router.
4
Pick the current time zone (For Malaysia users)
5
Select PPoE. An additional info will appear below and select Malaysia – Unifi profile
6
Enter your PPoE username and password. The password should be 13 characters long
  • If you forget your UniFi PPoE username and password, you can request from TM via dial to UniFi CS or 100.
  • The above username and password demonstrate for the understandings of the user.
  • Click on the next button.
7
Set up your wireless SSID and password
  • You can change the wireless channel later on the web admin interface.
  • Click on the next button.
  • You can skip from signing up TP-Link Cloud Service.
  • Once completed, your router will restart and wait for the router to be online
8
The main web admin interface of your router.
  • Pick wireless tab
  • You can change the wireless
13
Make your wireless security to WPA/WPA2 – Enterprise
  • Pick WPA2 and encryption type: AES.
  • Use Wifi-Analyzer tool to scan your network to find which channel has the most congestion.
  • Channel width should be 20Mhz because 2.4 GHz performs the best at 20 MHz
  • Channel width for 5 GHz should be 40 MHz.
  • Transmit power can be adjusted from low, middle and high. For my use, I select middle option.
9
Custom IPTV profile
  • You can customize the profile for IPTV (previously chosen profile was Malaysia – UniFi).
  • Key in Internet VLAN ID: 500, IP-Phone: 400 and IPTV VLAN ID: 600. Remember to tick the 802.1Q Tag checklist there.
  • You can customize the LAN ports for internet and IPTV.
  • Click save. The router will reboot again.
12
Customize the DNS server, 8.8.8.8 and 8.8.4.4
  • If you don’t wish to use the stock TM dns, then you can opt to use third party dns such as Google DNS and Open DNS.
  • Once entered the desired dns address, click save.

Click to enlarge the image

  • To overcome high CPU load, you can disable the USB sharing and Print Server.
  • Some users will say (suggest) that disabling the SPI Firewall will improve the router stability and lessens the CPU load. I would strongly emphasize that, do not disable the SPI Firewall.
16
You can change your router username and password here
  • Use a unique username and a strong password that contains alphanumeric characters.
  • Remember to disable the Remote Management.

There you go, you’ve finally flash the router and customize some of the settings to make your home network more secure. It is advisable to change your router password from time to time as well as your wireless password.

Advantage of using this firmware:

  • No “@unifi” suffix
  • Less boot up time
  • Wireless signal stable (even better than Archer C7)
  • Stable at the moment

Disadvantage of using this firmware:

  • Firmware bug / defect
  • Memory leak
  • High CPU load
  • Tend to hang at some circumstances

The image used in this post is from the TP-LINK emulator. Any inquires, you can comment down below.

Thank you for spending time to read my post. Have a great weekend. Will come back with a new information / topic.


UPDATE!!! A new beta firmware for the TP-LINK Archer C1200 were released to the testers on 3rd January 2018. According to the forum, it solves the random reboot issues. I will personally test the beta firmware on my own Archer C1200 router for my own satisfaction before giving out my review on the router that running on the beta firmware.

You can get the beta firmware here

However, as an early precaution, do the flashing process only if you know what you’re doing. By flashing to the beta firmware, all your settings will turn back to default. Hence, make sure you do a backup before flashing your router. I do not responsible if you accidentally bricked your router. Do at your own risk or wait for my review on the router soon. 


UPDATE!!! You can refer here for securing your home network. Applicable to all type of routers.


Do subscribe us on our YouTube channel: TechCyn.

Facebook
Twitter
Instagram

Thank you.

Advertisements

4 thoughts on “Solution for TP-LINK Archer C1200v1

    • First of all, I would like to ask sincere apology for late reply your comment. I tried the firmware, it seems it has some stability issues. The router auto reboot twice a day. You can try to use the beta firmware. I’ve attach a link there. Thank you.

      Like

  1. “UPDATE!!! A new beta firmware for the TP-LINK Archer C1200 were released to the testers on 3rd November 2018.”

    Something is off here, 3 Nov 2018?? You mean 2017 right?

    Like

    • First of all, I would like to ask sincere apology for late reply your comment. It was my mistake of typing to fast in the description there. It should be 3rd January 2018. I’ve change it. Thank you for highlighting my mistake. Much appreciated. Thank you.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s