Industry News

Tenda Wireless Routers Feature Backdoor

Some wireless router models produced by Chinese company Tenda Technology are vulnerable to remote attacks, says Craig Heffner, the researcher who also spotted the backdoor in D-Link routers.

Unpacking the firmware update for the Tenda networking kit, Heffner found “suspicious code” that enables an unauthorized person to highjack the router “by sending a UDP packet with a special string.”

Apparently the bug is in the httpd component, where the MfgThread() function deploys a backdoor that can execute commands from remote C&C centers. Basically, once a remote attacker gets into the local network, he can send commands with root privileges to the device.

“The backdoor only listens on the LAN, thus it is not exploitable from the WAN. However, it is exploitable over the wireless network, which has WPS enabled by default with no brute force rate limiting,” Heffner writes in an advisory.

According to Heffner’s research, the vulnerable router models are Tenda’s W302R and W330R along with the rebranded Medialink MWN-WAPR150N.

Early this year, Cisco-powered Linksys routers were also found vulnerable to unauthorized remote access, where an attack could seize root privileges on the device. The bug affected both new and older versions of Linksys firmware. In February, DIR-600 and DIR-300 of D-Link routers allowed hackers to redirect Internet traffic and even change users’ device passwords.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.