Routers from Chinese manufacturer Tenda contain a hidden “backdoor” which could allow attackers to “take over” the router and send it commands. The company also sells routers branded as Medialink, and the machines are available around the world.
The backdoor was found by Craig Heffner, who discovered a similar backdoor in D-Link routers this month.
Heffner says that he made “short work” of cracking the routers, and that all an attacker needs to do is send a “magic string” to execute commands, according to Hacker News.
Heffner found “”suspicious code” in firmware. The vulnerability affects several Tenda models, including ones rebranded as MediaLink, according to Heffner’s blog post, From China With Love.
“They all use the same ‘w302r_mfg’ magic packet string,” Heffner writes. Contributors to Heffner’s site have added a list of potentially affected models.
Such vulnerabilities can be used for surveillance, or to intercept data from the network.
“It is exploitable over the wireless network, which has WPS enabled by default with no brute force rate limiting,” Heffner writes. “My shiny new ReaverPro box made relatively short work of cracking WPS, providing access to the WLAN and a subsequent root shell on the router (they also ship with a default WPA key, which you might want to try first).”
D-Link has since issued patches for affected routers, saying, “We are proactively working with the sources of these reports as well as continuing to review across the complete product line to ensure that the vulnerabilities discovered are addressed.”
Heffner, formerly of the National Security Administration, claimed that D-Link’s backdoor appeared to have been placed deliberately – and could allow attackers access to unencrypted data.
Earlier this year, Heffner found a vulnerability which could allow attackers to control security cameras – including those made by D-Link.
Heffner described the scope of the vulnerabilities as allowing “Hollywood-style” attacks – referring to the manipulation of video feeds commonly seen in heist movies.
“Thousands of these cameras are Internet accessible, and known to be deployed in homes, businesses, hotels, casinos, banks and prisons, as well as military and industrial facilities,” says Heffner.
Author Rob Waugh, We Live Security