Feeds

D-Link hole-prober finds 'backdoor' in Chinese wireless routers

Tenda networking kit contains easily-cracked vuln, claims researcher

Internet Security Threat Report 2014

Security researchers say they have discovered a hidden backdoor in wireless routers from Chinese hardware manufacturer Tenda.

Craig Heffner, the same researcher who uncovered a backdoor in routers from D-link, found the latest problem. He uncovered the functionality, which ships with Tenda's products, after unpacking firmware updates and locating what he described as "suspicious code".

Attackers could take over the router and execute commands by sending a UDP packet with a special string, The Hacker News claims.

"The backdoor only listens on the LAN, thus it is not exploitable from the WAN. However, it is exploitable over the wireless network, which has WPS enabled by default with no brute force rate limiting,” Heffner explains in a detailed advisory.

“My shiny new ReaverPro box made relatively short work of cracking WPS,” he claimed, “providing access to the WLAN and a subsequent root shell on the router.”

Heffner claims the backdoor exists on Tenda’s W302R and W330R router models as as well as re-branded models, such as the Medialink MWN-WAPR150N.

"They all use the same 'w302r_mfg' magic packet string," he notes.

Follow-up work by other researchers uncovered a more comprehensive list of potentially backdoored products.

Source code for the GoAhead web server used in Tenda products has been made available on GitHub.

We've asked Tenda for its reaction but have yet to hear back from the firm. We'll update this story as and when we hear more. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.