Flashing a TP-LINK EAP225-Outdoor V1 with factory firmware v5.0.5

I have a TP-Link EAP225-outdoor v1 and would like to flash openwrt to it. I looked at the official steps listed here: https://openwrt.org/toh/tp-link/eap225 but they only explain how to flash it if you have an exploitable stock firmware of version 1.4.0. My device however came with version 5.0.5 installed, and the steps to activate telentd on the device seem to not work.

Anyone know of a way around this?

Tried downgrading the tplink fw?

Is that even possible? I worry it may brick it.

See the git-commit instructions -


Flashing instructions:

  • ssh into target device with recent (>= v1.6.0) firmware
  • run cliclientd stopcs on target device
  • upload factory image via web interface

There is always a risk of bricking a device when flashing firmware.

Make sure you understand, and are comfortable with the process of recovering your device.

Otherwise, stay with stock firmware.


Well it looks like that worked lol. Thanks. Someone should update the toh page for this device and mention that if you have stock firmware of 5.0.5 you can just do a web flash. The install instructions only mention flashing a v1 device if you have 1.4.0

Someone updated the device page ...

1 Like

The EAP225v1 doesn't have any firmware versions higher than v1.4.0, that's why the instructions specify that version. The EAP225-Outdoor v1 on the other hand (which @skilo has), uses the cliclientd stopcs trick.

I've reverted the wiki page to the previous version, since the EAP225v1 really does require the binary patch (unless somebody ever finds a different way around the signature check on those old things).

1 Like

yeah, you're right.

but the outdoor ToH link points to the non-outdoor page, perhaps create another device entry in there, dedicated to the Outdoor, stating what's in the git link ?

The install instructions for models other than the EAP225v1 are also on that page, but I can imagine someone might glance over that in a hurry.

The EAP245v1 has the same exploit as the EAP225v1, while the EAP245v3/EAP265HD and EAP235-Wall (and unsupported EAP230-Wall) also use the cliclientd stopcs command. Maybe it's better to group the devices in that way? Now both the EAP245 and EAP225 pages need to document both install instructions, which is also a bit redundant. The EAP245v1 currently doesn't appear to have a device page, so a new one could be created for the EAP225/245v1, with the correct factory install instructions.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.