Follow ZDNET: Add us as a preferred source on Google.
ZDNET's key takeaways
Some Tenda routers have a firmware backdoor.
The backdoor can be exploited remotely.
Details of the backdoor are easily available.
Several firmware versions released for a popular brand of routers have been found to contain an undocumented backdoor that can allow anyone full access to the hardware.
The brand in question is Tenda, a company that manufactures network equipment such as routers, switches, access points, and video cameras. It's a popular brand that sells hardware via the usual channels, such as Amazon.
The vulnerability was discovered by an anonymous researcher and reported by the CERT Coordination Center (CERT/CC) earlier this week.
Also: How I turned my old Android phone into a Wi-Fi extender - and fixed dead spots at home
Put simply, the backdoor is an admin password that's been baked into the firmware that allows anyone who knows it to bypass access control security (username and password) and access the internal settings of the router.
By accessing a router's administration panel, an attacker would be able to carry out a number of tasks that you might not want a third party to be able to do, from running internal network scans to find all the devices on the network to grabbing the Wi-Fi passcodes, setting up certain ports and web traffic to be forwarded to another destination, and disabling security features.
Also: My home's Wi-Fi dead zones were worse than I thought - here's what fixed them
While CERT has not reported what the username and password backdoor is, I was able to find it pretty easily, and since I have some Tenda hardware here, I was able to confirm that the backdoor works.
Given the ease of the hack, the fact that all the details are out there, and the popularity of Tenda hardware, I expect this hack to be exploited by hackers.
Firmware versions affected
The firmware versions that are affected are:
US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD
US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE
US_AC10V1.0re_V15.03.06.46_multi_TDE01
US_AC5V1.0RTL_V15.03.06.48_multi_TDE01
US_AC6V2.0RTL_V15.03.06.51_multi_T
It's not known if this backdoor was added maliciously or as some sort of way for tech support to access hardware where the user has lost the password.
Also: Chrome's next update will kill your ad blocker - and make the web less safe
Either way, it's not a good thing.
If this vulnerability required hands-on access to the router, the scope of attack would be quite limited. Unfortunately, this can be exploited remotely over the internet.
What you can do now
If you own Tenda hardware, your best defense is to disable remote web management and change the default LAN IP until Tenda releases a patch to fix this backdoor.
Also: 5 ways to fortify your network against the new speed of AI attacks
I thought that I might be able to install an open-source firmware on the router, like DD-WRT, but because of the custom chipsets that Tenda uses, there aren't any available.
ZDNET has reached out to Tenda for comment and a possible timeline for a patch, but as of the time of writing, the company has not replied. CERT reports that it, too, "were unable to reach the vendor to coordinate this vulnerability."
View original source — ZDNet ↗


