We may receive a commission on purchases made from links.
You can use a router without updating it, but this carries a security risk. Without firmware updates, the router remains vulnerable if there is a vulnerability that hackers can exploit. This is the case with the vulnerability discovered by the CERT Coordination Center, a US cybersecurity center that detects, analyzes and mitigates cyber threats, where five Tenda Wi-Fi routers have a hidden backdoor in their firmware that grants full administrative control to the router’s web interface. Some of these routers appear to have been discontinued, meaning they might not even receive updates from the manufacturer if it decides to remedy the situation.
The five firmware versions identified with the undocumented backdoor are US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD, US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE, US_AC10V1.0re_V15.03.06.46_multi_TDE01, US_AC5V1.0RTL_V15.03.06.48_multi_TDE01 and US_AC6V2.0RTL_V15.03.06.51_multi_T. The affected routers are FH1201 High Power AC1200 Dual-Band Wireless Router, W15E v2.0 AC1200 Wireless Hotspot Router, AC10 v1.0 AC1200 Smart Dual-Band Gigabit Router, AC5 v1.0 AC1200 Smart Dual-Band Router, and AC6 v1.0 AC1200 Router, respectively. These are all manufactured by Shenzhen Tenda Technology, a Chinese supplier of networking devices and equipment.
Always protect yourself
Essentially, the manufacturer left a backup password, “rzadmin”, in the device’s internal settings (probably used when debugging the router and firmware). Just go to the router admin panel login page and enter it (no username required). The router will attempt to authenticate the password “using an MD5-based password check”, but if this fails it will “fetch another password value from the device configuration”. Then it will do a plain text comparison between the password provided by the user and the one stored in the router configuration. “A successful match grants admin level access role=2 and creates a valid session,” the CERT report reads.
There are several reasons why this is dangerous. For example, hackers can capture unencrypted traffic to steal personal information, redirect users to malicious sites, recruit the router into a botnet, and even lock users out of the network. Even scarier, they can use the router to take control of other devices on the Wi-Fi network. Computers, phones and tablets can be protected by security apps, but devices that cannot have them installed, such as smart TVs, baby monitors and security cameras, are in greater danger if hackers decide to do so. With no news of a solution from Tenda, CERT urges users to take the necessary steps to secure their routers.
How can users protect themselves?
Unlike compromised user passwords, this is not something that can be easily changed in settings as it is hidden. The easiest thing to do would be to get a new router that has several years of firmware updates. Just because a vulnerability has been discovered doesn’t mean an update is coming. As CERT mentioned in the report: “Unfortunately, we were unable to contact the vendor to coordinate this vulnerability. » If the cost of purchasing a new router is an issue, CERT offers some mitigation strategies.
CERT recommends users disable Remote Web Management to prevent hackers from remotely accessing the admin panel. This is a feature that most people don’t use anyway. This involves going into the router settings and specifying the external IP address and port numbers. It is disabled by default on all Tenda routers, which means users who have never enabled it need not worry. It also recommends users to change the default LAN IP address to hide the router from hackers performing lazy and opportunistic scans that look for default IP addresses. However, he notes that this might not be enough to hide it from targeted analysis.
