Updated
Updated · SlashGear · Jul 17
CERT Finds 5 Tenda Router Firmware Versions Expose Admin Access With Default Password
Updated
Updated · SlashGear · Jul 17

CERT Finds 5 Tenda Router Firmware Versions Expose Admin Access With Default Password

3 articles · Updated · SlashGear · Jul 17

Summary

  • Five Tenda firmware versions contain a built-in login bypass that grants administrator access if an attacker enters the shipped password, regardless of username, CERT Coordination Center researchers said.
  • The flaw is embedded in firmware across older Tenda lines including the FH1201, W15E, AC10 v1, AC5 v1 and AC6 v2, and no confirmed vendor patch had been announced.
  • Administrator access could let intruders redirect traffic, open network ports, install ransomware, launch man-in-the-middle attacks or lock owners out of their own routers.
  • CERT advised affected users to check firmware through the router interface, disable remote web management and change the default LAN IP address while considering replacing aging hardware.

Insights

A secret password gives hackers full control of your router. What other backdoors are hiding in your smart home?
As manufacturers abandon routers despite new FCC rules, who is responsible for the inevitable cyberattacks?