CERT Flags 5 Tenda Router Firmware Builds With Remote Backdoor
Updated
Updated · ZDNet · Jul 9
CERT Flags 5 Tenda Router Firmware Builds With Remote Backdoor
3 articles · Updated · ZDNet · Jul 9
Summary
Five Tenda firmware versions contain an undocumented admin-password backdoor that lets anyone who knows it bypass login controls and take full control of affected routers remotely.
CERT/CC said an anonymous researcher found the flaw, and the report warns the credentials are easy to uncover, raising the risk of near-term exploitation.
Router admin access would let attackers scan internal networks, steal Wi-Fi passwords, forward ports and web traffic, and disable security features.
Tenda has not responded with a patch timeline, and CERT said it also could not reach the vendor; users are advised to disable remote web management and change the default LAN IP.