Tenda Router Backdoor
Tenda routers have a hidden firmware backdoor, allowing remote access; users advised to disable the setting ASAP
Key points
- Tenda, a network equipment manufacturer, has routers with an undocumented firmware backdoor
- The backdoor is an admin password that bypasses access control security, allowing full access to the router
- The vulnerability was discovered by an anonymous researcher and reported by the CERT Coordination Center
- Attackers can use the backdoor to run internal network scans, grab Wi-Fi passcodes, and disable security features
- Details of the backdoor are easily available, and several firmware versions are affected
Tenda, a popular brand of network equipment, has been found to have a hidden firmware backdoor in some of its routers. The backdoor, which is an admin password baked into the firmware, allows anyone who knows it to bypass access control security and access the internal settings of the router. This vulnerability was discovered by an anonymous researcher and reported by the CERT Coordination Center.
The backdoor poses a significant security risk, as attackers can use it to carry out a number of malicious tasks, including running internal network scans, grabbing Wi-Fi passcodes, setting up ports and web traffic to be forwarded to another destination, and disabling security features.
The fact that details of the backdoor are easily available and that several firmware versions are affected makes this a widespread issue. Users are advised to disable the setting ASAP to prevent potential attacks.
This incident highlights the importance of router security and the need for manufacturers to prioritize security in their products. As more devices become connected to the internet, the risk of vulnerabilities being exploited increases, making it essential for users to stay informed and take steps to protect themselves.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.