Welcome again, dear readers. Today lets discuss about the latest router supplied by our internet service provider. UniFi. For those who recently subscribe to UniFi will get 3 standard items, a residential gateway (router), a broadband termination unit (BTU), a set up hypptv box and a dect phone. Lets focus on the main agenda here, most of the users in Malaysia gets Archer C1200 from UniFi as well as TIME as their stock router. However, not all free things comes without a problem. Such case recently happen to the D-Link company where according to a researcher called, Pierre, found that, the stock router supplied by TM and TIME (100Mbps and 300Mbps) which is D-Link 850L come with alot of vulnerabilities. The summary of the vulnerabilities found in the router is:
- Firmware “protection”
- WAN && LAN – revA – XSS – CVE-2017-14413, CVE-2017-14414, CVE-2017-14415, CVE-2017-14416
- WAN && LAN – revB – Retrieving admin password, gaining full access using the custom mydlink Cloud protocol – CVE-2017-14417, CVE-2017-14418
- WAN – revA and revB – Weak Cloud protocol – CVE-2017-14419, CVE-2017-14420
- LAN – revB – Backdoor access – CVE-2017-14421
- WAN && LAN – revA and revB – Stunnel private keys – CVE-2017-14422
- WAN && LAN – revA – Nonce bruteforcing for DNS configuration – CVE-2017-14423
- Local – revA and revB – Weak files permission and credentials stored in cleartext – CVE-2017-14424, CVE-2017-14425, CVE-2017-14426, CVE-2017-14427, CVE-2017-14428
- WAN – revB – Pre-Auth RCEs as root (L2) – CVE-2017-14429
- LAN – revA and revB – DoS against some daemons – CVE-2017-14430
Let’s focus on the agenda here, the TP-Link C1200 is a good router with an awesome specs. Most users will receive Archer C1200 v1 from TM as well as TIME. Below is the spec of the router in general:
|Router||TP-LINK Archer C1200 v1.0 (EU/US)|
|FCC Approval Date||31 August 2016|
|Country of Manufacture||China|
|Industry Canada ID||8853A-C1200|
|Power||12 VDC, 1 A|
|CPU1||Broadcom BCM47189B0 (900 MHz)|
|FLA1||16 MiB (Winbond W25Q128FVSG)|
|RAM1||128 MiB (Samsung K4B1G1646G-BCH9)|
|Expansion Ifs||USB 2.0|
|Serial||yes, 4-pad header|
|WI1 chip1: Broadcom||Broadcom BCM47189B0|
|WI1 802dot11 protocols||an+ac|
|WI1 MIMO config||2×2:2|
|WI1 antenna connector||U.FL|
|WI2 chip1||Broadcom BCM43217T|
|WI2 802dot11 protocols||bgn|
|WI2 MIMO config||2×2:2|
|WI2 antenna connector||U.FL|
Table 1: The specification of the TP-Link C1200 v1 by wikidevi.com
Why I am focusing on the topic? Is it very important? What can I get from this?. Well, let me explain in very detail.
The router supplied by the TM in general has firmware bugs that cause the router to have random reboot issue. Most of the users complaining that the total time taken for the router to be up is around 5 minutes. Not only that, there is a report saying that the router hangs during torrenting, downloading heavy files and streaming probably due to the memory leak (high cpu load). For the “lucky” users, the router reboot twice or thrice in a day. To overcome this issue, for the people who wish to use their stock router to the max before moving to buy a new router, for those who wish to save some bucks, for those who don’t have the budget to buy a new router, well, here what you can do.
Disclaimer, if you accidentally bricked your router, I shall not be responsible for the incident. Do at your own risk.
First of all, in order to flash the router, make sure you flash the router over a wired connection (LAN cable). Flashing the router over wireless not recommended. Plug your LAN cable to LAN port 2 on the router because by flashing to EU Australia firmware, LAN 1 reserved for the IPTV.
- Go to TP-LINK Australia website
Click to enlarge the image
- Next, download the Archer C1200(EU)_V1_170616 firmware. Unzip the file using tools such as 7-zip (recommended by me) or Winrar.
- Next, log in to your router by entering the default ip address of the router, 192.168.0.1 or tplinkwifi.net.
- Once you reach to the desired destination, click on the Browse button to upload the firmware from the download folder (make sure you know where you save the file). Once uploaded the file, click on the Upgrade button. The upgrading process will take some time. The router then will be restarted to complete the upgrade process.
- Once the flashing (upgrading) process completed, don’t be panic if you’re greeted with the new web admin interface of your router. If you’re not greeted with a web admin interface, just enter the default IP address of your router, 192.168.0.1.
- Once you greeted with the web admin interface, enter your new password (highly recommended) to secure your router even more. You can change the router’s default IP address with custom for more security. But most people will use the standard IP address of the router.
- If you forget your UniFi PPoE username and password, you can request from TM via dial to UniFi CS or 100.
- The above username and password demonstrate for the understandings of the user.
- Click on the next button.
- You can change the wireless channel later on the web admin interface.
- Click on the next button.
- You can skip from signing up TP-Link Cloud Service.
- Once completed, your router will restart and wait for the router to be online
- Pick wireless tab
- You can change the wireless
- Pick WPA2 and encryption type: AES.
- Use Wifi-Analyzer tool to scan your network to find which channel has the most congestion.
- Channel width should be 20Mhz because 2.4 GHz performs the best at 20 MHz
- Channel width for 5 GHz should be 40 MHz.
- Transmit power can be adjusted from low, middle and high. For my use, I select middle option.
- You can customize the profile for IPTV (previously chosen profile was Malaysia – UniFi).
- Key in Internet VLAN ID: 500, IP-Phone: 400 and IPTV VLAN ID: 600. Remember to tick the 802.1Q Tag checklist there.
- You can customize the LAN ports for internet and IPTV.
- Click save. The router will reboot again.
- If you don’t wish to use the stock TM dns, then you can opt to use third party dns such as Google DNS and Open DNS.
- Once entered the desired dns address, click save.
Click to enlarge the image
- To overcome high CPU load, you can disable the USB sharing and Print Server.
- Some users will say (suggest) that disabling the SPI Firewall will improve the router stability and lessens the CPU load. I would strongly emphasize that, do not disable the SPI Firewall.
- Use a unique username and a strong password that contains alphanumeric characters.
- Remember to disable the Remote Management.
There you go, you’ve finally flash the router and customize some of the settings to make your home network more secure. It is advisable to change your router password from time to time as well as your wireless password.
Advantage of using this firmware:
- No “@unifi” suffix
- Less boot up time
- Wireless signal stable (even better than Archer C7)
- Stable at the moment
Disadvantage of using this firmware:
- Firmware bug / defect
- Memory leak
- High CPU load
- Tend to hang at some circumstances
The image used in this post is from the TP-LINK emulator. Any inquires, you can comment down below.
Thank you for spending time to read my post. Have a great weekend. Will come back with a new information / topic.
UPDATE!!! A new beta firmware for the TP-LINK Archer C1200 were released to the testers on 3rd January 2018. According to the forum, it solves the random reboot issues. I will personally test the beta firmware on my own Archer C1200 router for my own satisfaction before giving out my review on the router that running on the beta firmware.
You can get the beta firmware here.
However, as an early precaution, do the flashing process only if you know what you’re doing. By flashing to the beta firmware, all your settings will turn back to default. Hence, make sure you do a backup before flashing your router. I do not responsible if you accidentally bricked your router. Do at your own risk or wait for my review on the router soon.
UPDATE!!! You can refer here for securing your home network. Applicable to all type of routers.
Do subscribe us on our YouTube channel: TechCyn.