Updated
Updated · ZDNet · Jul 9
CERT Flags 5 Tenda Router Firmware Builds With Remote Backdoor
Updated
Updated · ZDNet · Jul 9

CERT Flags 5 Tenda Router Firmware Builds With Remote Backdoor

3 articles · Updated · ZDNet · Jul 9

Summary

  • Five Tenda firmware versions contain an undocumented admin-password backdoor that lets anyone who knows it bypass login controls and take full control of affected routers remotely.
  • CERT/CC said an anonymous researcher found the flaw, and the report warns the credentials are easy to uncover, raising the risk of near-term exploitation.
  • Router admin access would let attackers scan internal networks, steal Wi-Fi passwords, forward ports and web traffic, and disable security features.
  • Tenda has not responded with a patch timeline, and CERT said it also could not reach the vendor; users are advised to disable remote web management and change the default LAN IP.

Insights

Is this router backdoor a simple bug, or a hidden feature mandated by national law?
The US restricts new router imports, but what about millions of backdoored devices already in homes?
With a backdoor built-in, is your internet router a bigger threat than any external hacker?