Tenda Router Firmware Contains Hidden Admin Access Backdoor
Security researchers have identified a significant authentication backdoor within the firmware of multiple Tenda router models. This vulnerability allows an unauthorized attacker to gain administrative access to the router's web management interface without needing valid credentials. The backdoor was discovered by researchers at the firm 'Security Joes' and detailed in a report published on March 11, 2024.
The backdoor mechanism bypasses standard authentication protocols, meaning that even with a strong, unique password set by the user, an attacker could still exploit this vulnerability. The specific details of the backdoor involve a hardcoded username and password combination that is not exposed to the user interface. This allows for remote or local exploitation, depending on the network configuration and the attacker's proximity.
Security Joes confirmed that the vulnerability affects several firmware versions across various Tenda router series. While the exact number of affected models and firmware versions has not been fully enumerated by Tenda, the discovery highlights a serious security flaw that could compromise the network security of users relying on these devices. The implications include potential unauthorized configuration changes, redirection of network traffic, or the use of the compromised router as a pivot point for further network attacks.
As of the report's publication, Tenda has not yet released a public statement or a firmware update to address this critical backdoor. Users of Tenda routers are advised to remain vigilant and monitor the manufacturer's official support channels for any forthcoming security advisories or patches. Until a fix is available, users may consider implementing additional network security measures or exploring alternative router solutions if their device is found to be vulnerable.
Original source — read the full reporting at the publisher:
Read on BleepingComputer