1 min read

Tenda Wireless Routers Feature Backdoor

Loredana BOTEZATU

October 23, 2013

Tenda Wireless Routers Feature Backdoor

Some wireless router models produced by Chinese company Tenda Technology are vulnerable to remote attacks, says Craig Heffner, the researcher who also spotted the backdoor in D-Link routers.

Unpacking the firmware update for the Tenda networking kit, Heffner found “suspicious code” that enables an unauthorized person to highjack the router “by sending a UDP packet with a special string.”

Apparently the bug is in the httpd component, where the MfgThread() function deploys a backdoor that can execute commands from remote C&C centers. Basically, once a remote attacker gets into the local network, he can send commands with root privileges to the device.

“The backdoor only listens on the LAN, thus it is not exploitable from the WAN. However, it is exploitable over the wireless network, which has WPS enabled by default with no brute force rate limiting,” Heffner writes in an advisory.

According to Heffner`s research, the vulnerable router models are Tenda`s W302R and W330R along with the rebranded Medialink MWN-WAPR150N.

Early this year, Cisco-powered Linksys routers were also found vulnerable to unauthorized remote access, where an attack could seize root privileges on the device. The bug affected both new and older versions of Linksys firmware. In February, DIR-600 and DIR-300 of D-Link routers allowed hackers to redirect Internet traffic and even change users` device passwords.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read