Update: newer TP-Link routers share DNS requests without permission

Update: newer TP-Link routers share DNS requests without permission

Newer TP-Link router models share data with security company Avira without permission.

According to a Reddit poster and tech website XDA, TP-Link’s standalone and mesh routers secretly share data about many DNS requests with security company Avira. Sharing is enabled by default.

Avira provides a cloud-based security service for the TP-Link routers: HomeShield Security. Although TP-Link gave the impression that end users can disable the service, data reportedly remains to be shared after opting out of the feature.

According to the whistleblowers, a great deal of data is being sent to *.safethings.avira.com. The number of DNS requests ranges from 42,000 to 80,000 per day.

Update: We reached out to TP-Link for a response. A spokesperson confirmed that some models automatically send requests to Avira subdomains, a German antivirus software company. These models include HomeShield, a security feature supported by Avira.

“Contact with this server is required to enable the security feature”, TP-Link said. “After reviewing the software, we identified errors in the DNS request logic. This resulted in frequent requests. In addition, when the HomeShield package was disabled, it was found that frequent contact was still being made.”

“All contact with this server is anonymous. It never contains personal information. We have optimized the software to prevent frequent inquiries. These improvements become active after installing the new firmware. We will publish new firmware for models daily.”

The firmware is available for most models. Below, you’ll find a list of all affected products, relevant firmware and release dates. TP-Link promises that an update will be available for every model starting March 28.

No.ModelRelease TimeFirmware Download
1AX55v1DONELink to firmware
2AX73v1DONELink to firmware
3AX53v12022-03-18 
4AX90v12022-03-21 
5AX72v12022-03-21 
6AX4400v1/V22022-03-21 
7AX4800v12022-03-21 
8AXE75DONELink to firmware
9AX75v1DONELink to firmware
10AX55v2DONELink to firmware
11Deco X68v1DONELink to firmware
12Deco X20/X25/W3600v4DONELink to firmware
13Deco X60v3DONELink to firmware
14Deco X3600DONELink to firmware
15Deco W6000DONELink to firmware
16Deco W6000v2.6DONELink to firmware
16.2Deco W7200 V1DONELink to firmware
17Deco X50v1DONELink to firmware
18Deco X55v1DONELink to firmware
19Deco X60v4.6DONELink to firmware
20Deco XE5300v12022-03-20 
21Deco X80-5Gv12022-03-20 
22Deco X90v12022-03-21 
23Deco X57002022-03-21 
24Deco Voice X20 v12022-03-25 
25Deco X20-4G2022-03-25 
26Deco X73-DSL v12022-03-25 
27Deco X20-DSL v12022-03-25 

Tip: Research finds vulnerabilities in nine popular Wi-Fi routers