Re: Tp-link Admin


Linda Berens

Jul 14, 2024, 4:56:55 PM
to hernicounki

The TP-Link NVRs allow you to create Operator and View Only accounts. However, the VIGI Security Manager & Mobile Apps do not allow you to enter any username other than the default "admin" account. Therefore, there is no way of providing limited access to the system for other users except by giving them full administrative access. This is very poor for a business system. Please fix the VIGI Security Manager & Mobile Apps so that other user accounts configured in the NVR can be used!!!

Dear @Tomasin ,
I hope I've understood your wishes correctly, if not, please feel free to correct me. I've added some extra information provided by fellow users in other threads, the way I see it now, probably this user account / remote management topic is the one that occurs the most frequently in the forum (or at least it seems to be fairly common and affect many people). It is not environment-specific and not related to some old, used, third-party hardware of one customer, but it's rather something where the whole VIGI ecosystem may need to improve a bit and fixing this would help many users at once.

Dear @Hank21 ,
first of all I have to tell you (and other readers), that I am a happy and satisfied VIGI user. I'd recommend this product line to others, yet as always, there is some room for improvement.
When I saw this post, I decided to gather some feedback already posted somewhere else by others related to similar topics to help you and to make the VIGI development even faster, maybe this makes somehow my life (and the life of other users) a bit easier.
I have noticed myself too, that this admin-only thing can be an issue, so I decided to look up what situations other users may have confronted...

This post reflects my personal opinion as an embedded software engineer and as a TP-Link customer/VIGI ecosystem user, but wherever it was possible, I've added a reference from others to show that there are multiple users affected, some directly, some indirectly...

Here is what I've found (I have not checked and verified all the issues myself):


A possible use case scenario:
We have a VIGI camera and want to let someone else (neighbor, employee... etc.) we don't fully trust (not an admin) watch the camera's RTSP stream. RTSP stream is a marketed feature (supported protocol) of the VIGI cameras, just like the ONVIF API. We tell them for example to use VLC Player (it does support RTSP), yet we have to give them a username/password combination. Which one? Giving the admin username/password is not an option (they can log in to the camera by installing and using VIGI Security Manager, change the password and the password reset email and lock us out; or they can disable ONVIF event detections used somewhere else in a more complex ONVIF surveillance system using third-party cameras, NVRs... etc... Note: Assume we don't want to use very complex and expensive firewall systems, IP based restrictions, that are not secure anyway or other workarounds to prevent this...)! We need to for example create an operator or rather a simple, user level user (as described by the ONVIF standards, see links to PDFs below) and delete it later (e.g. we don't trust the neighbor anymore, employee leaves our company... etc.). Let us create the user "peter" with the password "password12345" and with the ONVIF user level "user" (example) on the VIGI camera. But how? I have found no solutions for this scenario using VIGI Security Manager.

My experiments:
I have tried to make this work by using ONVIF Device Manager. I managed to add, modify and delete users on the VIGI camera (C300HP), but the RTSP stream was not working with those users in VLC (again: no way to try this in VIGI Security Manager). As long as operator and user level ONVIF users also existed on the camera, various interesting bugs showed up (stream inaccessible in VLC, even with admin password, stream encryption somehow automatically got enabled in VIGI Security Manager); after reverting to the original state of only one user named admin with admin rights, everything worked as intended. Maybe I was not trying hard enough and thought it is a feature not fully implemented yet, so I might try again in the future. So it is possible that it's working like a charm, but I've somehow failed to set something correctly...

Summary in a nutshell:
I guess many users would like to have good and useful remote management (NVR, Camera, we live in the era of home office and IT/surveillance outsourcing) with the ability to do so without giving everyone the admin password and admin rights (remember: VIGI devices are business-class security/surveillance products).

Username field is not appearing. There is only password field. I tried password "admin" but it didn't work. I reset my router and tried "admin" password again. Still it is not working. I also tried accessing through different browser, different device, still no success. Please suggest.

I could see it is getting correctly reset since I need to enter default password to connect to the network. However, no luck with "admin" password on the default gateway. I tried resetting router again, disconnected all devices connected to the router, cleared browser cache. Still not able to see username field on default gateway and password "admin" is not working.

I just upgraded the firmware on my EAP245 last night, and now I can't stay logged in to the admin console. Sometimes it will stay logged in for a few minutes, other times just for a few seconds, but randomly it just kicks me out and sends me back to the login screen.

@Tony as I mentioned in the OP, this is on the order of seconds, not 15 minutes like the timeout default. This is something in the admin console code or firmware. It spans multiple devices and browsers too.

I recently bought a new Archer C9 router and decided to have a look around at the firmware to see what I could find. I ended up finding out a way to reset the admin password and gain a remote shell from an unauthenticated user.

After downloading and extracting the firmware from the TP-Link website I saw that most of the admin interface was written in Lua. With a bit of digging I came across the password reset feature, designed to allow the admin to reset their password if they forget it.

This is disabled by default, but the only time that this setting was checked was to see if the code should be emailed to the admin or not. The reset token was still created when requested regardless of the settings, and could be used to reset the password if correctly supplied.

os.time() returns the seconds since epoch, so we should easily be able to recreate this token by seeding with the same number! The router also returns a Date header, so we can just parse that and get the exact server time and hence the exact seed!

I set up a new AC1750 without too many problems. Now when I log in to the Admin page to do some tweaking I keep getting booted out back to the login page. Then when I try to log in again I get an Invalid RSA Public Key error. I close out the Admin page and after a few minutes I can log back in but then I get kicked out again very shortly after logging back in. Also sometimes after getting the boot out the Admin page is giving me the initial screen you get when setting up a new router where it is asking for a new password and a confirmation of that password. I need to get this resolved and any insight is appreciated.

I have not received a reply yet to my initial post about why I sometimes get booted out of my admin page. Also sometimes when I try to get in via tplinkwifi.net instead of presenting me with just a password page it is presenting me with a new setup password and confirmation page. Eventually if I close out the admin page and reenter it will present the password login page. I need to know why this is happening.

An additional question that I hope someone will answer. On the Basic Network Page I am not seeing all of my wireless clients that are connected. For example I can see my laptop as a wireless client but I do not see the wireless printer that is also connected. On the Advanced Network DHCP server page I see the wireless printer client. Why do I not see it on both the Basic and DHCP server pages? I'm not very knowledgeable on networking so it might be a simple answer but I'd like to understand this.

When experiencing the issue of being booted off of the admin page, look at the LED lights of the router. Does it look like it is rebooting? To know that, turn off the router then turn it back on to see what the LED lights do for comparison.

It would also be good to check if your build is the latest version. Log into the router and look on the bottom of the page, compare the build number to our firmware page. Build numbers work as a date. If your build is the latest then you are ok, if it is old, update it.

I have the router in a different room than where I use the laptop so I don't know if it was rebooting. Why would it be rebooting? And if it was rebooting why was it presenting me with a new password and confirm page instead of just the password screen that I could enter the one I created when first setting up?

Edit to above. Just for kicks I tried the admin page. After entering the password I got an Invalid RSA Public Key message what is that?? Then I closed out the admin page and went back in and it shows me the new password and confirm page as if I need to do a new set up. And I went to check the Router and all the display lights are solid so I don't think it was rebooting. What is going on here?
