These 5 Routers Are No Longer Safe To Use After A New Security Backdoor Was Discovered
We may receive a commission on purchases made from links.
You can use a router without updating it, but there is a security risk that comes with it. Without firmware updates, the router remains vulnerable if a flaw exists that hackers can exploit. Such is the case with the vulnerability discovered by the CERT Coordination Center, a U.S. cybersecurity center that detects, analyzes, and mitigates cyber threats, where five Tenda Wi-Fi routers have a hidden backdoor in their firmware that grants full administrative control to the router's web interface. Some of these routers appear to have been discontinued, meaning they might not even get updates from the manufacturer if it decides to remedy the situation.
The five firmware versions that have been identified with the undocumented backdoor are US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD, US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE, US_AC10V1.0re_V15.03.06.46_multi_TDE01, US_AC5V1.0RTL_V15.03.06.48_multi_TDE01, and US_AC6V2.0RTL_V15.03.06.51_multi_T. The affected routers are FH1201 High Power AC1200 Dual Band Wireless Router, W15E v2.0 AC1200 Wireless Hotspot Router, AC10 v1.0 AC1200 Smart Dual-Band Gigabit router, AC5 v1.0 AC1200 Smart Dual-Band router, and AC6 v1.0 AC1200 router, respectively. These are all manufactured by Shenzhen Tenda Technology, a Chinese supplier of networking devices and equipment.
Always protect yourself
Essentially, the manufacturer left a backup password, which is "rzadmin," in the device's internal settings (probably used during debugging the router and firmware). All one has to do is access the login page of the router's admin panel and enter it (no username required). The router will try to authenticate the password "using MD5-based password verification," but if that fails, it will "retrieve an alternate password value from the device configuration." Then it will do a plain text comparison between the password provided by the user and the one stored in the router's configuration. "A successful match grants role=2 admin-level access and creates a valid session," the CERT report reads.
There are several reasons why this is dangerous. For instance, the hackers can capture unencrypted traffic to steal personal information, redirect users to malicious sites, recruit the router into a botnet, and even lock users out of the network. Even scarier, they can use the router as a way of taking over other devices on the Wi-Fi network. Computers, phones, and tablets can be protected with security apps, but devices where these cannot be installed, such as smart TVs, baby monitors, and security cameras, are in greater danger if hackers decide to do this. With no word of a fix coming from Tenda, CERT is urging users to take the necessary steps to secure their routers.
How users can protect themselves?
Unlike compromised user passwords, this is not something that can easily be changed in settings since it's hidden. The easiest thing to do would be to get a new router that has years of firmware updates ahead of it. Just because the vulnerability has been discovered, it doesn't mean an update is coming. As CERT mentioned in the report, "Unfortunately, we were unable to reach the vendor to coordinate this vulnerability." If the cost of purchasing a new router is an issue, CERT does offer a couple of mitigation strategies.
CERT recommends that users disable remote web management to prevent hackers from accessing the admin panel remotely. This is a feature that most people don't use anyway. It involves going into the router's settings and specifying the external IP address and port numbers, and is turned off by default in all Tenda routers, meaning users who have never enabled it don't need to worry. It also recommends that users change the default LAN IP address to hide the router from hackers conducting lazy, opportunistic scans that search for default IP addresses. However, it notes that this may not be enough to hide it from targeted scans.