Some wireless router models produced by Chinese company Tenda Technology are vulnerable to remote attacks, says Craig Heffner, the researcher who also spotted the backdoor in D-Link routers.
Unpacking the firmware update for the Tenda networking kit, Heffner found â€œsuspicious codeâ€ that enables an unauthorized person to highjack the router â€œby sending a UDP packet with a special string.â€
Apparently the bug is in the httpd component, where theÂ MfgThread()Â function deploys a backdoor that can execute commands from remote C&C centers. Basically, once a remote attacker gets into the local network, he can send commands with root privileges to the device.
“The backdoor only listens on the LAN, thus it is not exploitable from the WAN. However, it is exploitable over the wireless network, which has WPS enabled by default with no brute force rate limiting,â€ Heffner writes in anÂ advisory.
According to Heffnerâ€™s research, the vulnerable router models are Tendaâ€™s W302R and W330R along with the rebranded Medialink MWN-WAPR150N.
Early this year, Cisco-powered Linksys routers were also found vulnerable to unauthorized remote access, where an attack could seize root privileges on the device. The bug affected both new and older versions of Linksys firmware. In February, DIR-600 and DIR-300 of D-Link routers allowed hackers to redirect Internet traffic and even change usersâ€™ device passwords.