Feeds

D-Link hole-prober finds 'backdoor' in Chinese wireless routers

Tenda networking kit contains easily-cracked vuln, claims researcher

Internet Security Threat Report 2014

Security researchers say they have discovered a hidden backdoor in wireless routers from Chinese hardware manufacturer Tenda.

Craig Heffner, the same researcher who uncovered a backdoor in routers from D-link, found the latest problem. He uncovered the functionality, which ships with Tenda's products, after unpacking firmware updates and locating what he described as "suspicious code".

Attackers could take over the router and execute commands by sending a UDP packet with a special string, The Hacker News claims.

"The backdoor only listens on the LAN, thus it is not exploitable from the WAN. However, it is exploitable over the wireless network, which has WPS enabled by default with no brute force rate limiting,” Heffner explains in a detailed advisory.

“My shiny new ReaverPro box made relatively short work of cracking WPS,” he claimed, “providing access to the WLAN and a subsequent root shell on the router.”

Heffner claims the backdoor exists on Tenda’s W302R and W330R router models as as well as re-branded models, such as the Medialink MWN-WAPR150N.

"They all use the same 'w302r_mfg' magic packet string," he notes.

Follow-up work by other researchers uncovered a more comprehensive list of potentially backdoored products.

Source code for the GoAhead web server used in Tenda products has been made available on GitHub.

We've asked Tenda for its reaction but have yet to hear back from the firm. We'll update this story as and when we hear more. ®

Intelligent flash storage arrays

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Shellshock over SMTP attacks mean you can now ignore your email
'But boss, the Internet Storm Centre says it's dangerous for me to reply to you'
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.