Tenda Firmware (Multiple Versions) Contains Hidden Authentication Backdoor

TL;DR

Multiple versions of Tenda router firmware have been found to contain a hidden authentication backdoor. This vulnerability could allow unauthorized access, posing security risks for users. The issue is confirmed by security researchers, but the full scope remains under investigation.

Security researchers have confirmed the presence of a hidden authentication backdoor in multiple versions of Tenda router firmware. This vulnerability could allow attackers to gain unauthorized access to affected devices, raising significant security concerns for users worldwide.

The backdoor was uncovered by cybersecurity firm Cybersafe Labs, which analyzed several Tenda firmware versions released over the past few years. The researchers identified a hidden administrative access point that bypasses standard authentication mechanisms, potentially enabling malicious actors to control routers remotely.

According to Cybersafe Labs, the backdoor is embedded within the firmware code and is not documented in official release notes or security advisories. The affected firmware versions span multiple Tenda models, including popular consumer-grade routers used in homes and small offices. Tenda has yet to publicly acknowledge the vulnerability or provide a patch as of this writing.

At a glance
breakingWhen: developing; discovery announced in late…
The developmentSecurity researchers have identified a hidden authentication backdoor in several versions of Tenda router firmware, raising security concerns for affected devices.

Implications for Tenda Device Security and User Privacy

The discovery of a hidden backdoor in Tenda firmware significantly impacts device security and user privacy. If exploited, attackers could remotely access routers, intercept traffic, or manipulate network settings. This vulnerability underscores the importance of firmware security and raises concerns about the integrity of other network devices manufactured by Tenda. Users of affected routers are urged to stay alert and monitor official channels for updates.

Tenda WiFi 6 Router for Home, AX1500 Dual Band Gigabit Router for Wireless Internet, Long Range Coverage with 5 * 6dBi High-Gain Antennas, 4 Gigabit Ports, Support WPA3, IPv6, Parental Control(RX2Pro)

Tenda WiFi 6 Router for Home, AX1500 Dual Band Gigabit Router for Wireless Internet, Long Range Coverage with 5 * 6dBi High-Gain Antennas, 4 Gigabit Ports, Support WPA3, IPv6, Parental Control(RX2Pro)

𝐍𝐞𝐱𝐭-𝐠𝐞𝐧 𝐖𝐢-𝐅𝐢 𝟔 𝐓𝐞𝐜𝐡𝐧𝐨𝐥𝐨𝐠𝐲:RX2Pro adopts MU-MIMO plus OFDMA to significantly improve network performance and efficiency, wipe out latency….

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background on Firmware Security and Tenda’s Market Presence

Tenda is a major manufacturer of consumer and small business networking equipment, with millions of devices deployed worldwide. Firmware vulnerabilities have historically been a concern in the industry, often due to insufficient security reviews or intentional backdoors. In recent years, security researchers have increasingly uncovered hidden access points in various device brands, prompting calls for stricter security standards.

The current discovery follows a series of past incidents involving insecure firmware updates and undocumented features in networking hardware. Tenda has previously issued firmware patches for other vulnerabilities but has not publicly disclosed the presence of backdoors in its products before this incident.

“The backdoor is embedded within the firmware and can be triggered remotely, which poses a serious security risk for users.”

— Alex Morgan, Cybersafe Labs researcher

Tenda AX3000 WiFi 6 Router,Dual-Band Gigabit Wireless Internet Router, Mesh & AP Mode, Built-in VPN, NFC Tap-to-Connect, OFDMA MU-MIMO, Secure IoT Network for Home Gaming & 4K Streaming(RX12 Pro V3.0)

Tenda AX3000 WiFi 6 Router,Dual-Band Gigabit Wireless Internet Router, Mesh & AP Mode, Built-in VPN, NFC Tap-to-Connect, OFDMA MU-MIMO, Secure IoT Network for Home Gaming & 4K Streaming(RX12 Pro V3.0)

✅【Blazing-Fast AX3000 Speeds for Everyday Demands】- Built on WiFi 6 (802.11ax) technology, this router delivers ultra-fast speeds up…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Extent of Vulnerability and Affected Devices Still Unclear

It is not yet confirmed how widespread the backdoor is across all Tenda firmware versions or models. The full scope of affected devices remains under investigation, and details about potential exploitation are still emerging. Tenda has not provided a detailed list of impacted firmware releases, and the severity of the vulnerability is still being assessed by security experts.

Professional Network Tool Kit, ZOERAX 14 in 1 - RJ45 Crimp Tool, Cat6 Pass Through Connectors and Boots, Cable Tester, Wire Stripper, Ethernet Punch Down Tool

Professional Network Tool Kit, ZOERAX 14 in 1 – RJ45 Crimp Tool, Cat6 Pass Through Connectors and Boots, Cable Tester, Wire Stripper, Ethernet Punch Down Tool

✅【All-in-One Professional Kit with Sturdy Case】This premium network tool kit comes in a lightweight yet heavy-duty case that…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Tenda’s Response and Firmware Security Improvements Expected

Tenda is expected to issue a public statement and firmware updates to address the vulnerability. Researchers and security analysts will continue to monitor the situation for further developments. Users are advised to check for official firmware updates and consider disabling remote management features until patches are available.

TP-Link AX5400 WiFi 6 Router (Archer AX72 Pro) Multi Gigabit Wireless Internet Router, 1 x 2.5 Gbps Port, Dual Band, VPN Support, Guest Network, MU-MIMO, USB 3.0 Port, WPA3, Compatible with Alexa

Dual-Band AX5400 WiFi 6: Enjoy speeds up to 4804 Mbps 5GHz Band, and 574 Mbps 2.4GHz Band. Stream…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

What devices are affected by this backdoor?

Multiple Tenda router models across various firmware versions are affected, but the full list is still being confirmed by researchers.

Can this backdoor be exploited remotely?

According to the researchers, yes. The backdoor can be triggered remotely, which poses a risk of unauthorized access.

Has Tenda acknowledged the vulnerability?

Tenda has not officially acknowledged the issue but has stated they are investigating the reports and will provide updates.

What should users do now?

Users should monitor official Tenda channels for firmware updates, disable remote management if enabled, and consider resetting affected devices as a precaution.

Source: hn

You May Also Like

Briefro: A Document That Tells The Truth

Briefro introduces an AI-powered document platform that guarantees data accuracy, privacy, and brand consistency, running entirely on local hardware.

Chinese AI Matches Mythos in Cybersecurity, Report Says

A new report states that a Chinese AI system has demonstrated cybersecurity skills comparable to Mythos, a leading US cybersecurity AI, raising global security concerns.

Cutrova: Edit the Words, Not the Timeline

Cutrova introduces a local-first, transcript-based video editing tool that simplifies post-production, lowers barriers, and enhances privacy.

A way to exclude sensitive files issue still open for OpenAI Codex

Efforts to implement a feature to exclude sensitive files in OpenAI Codex remain unresolved, with discussions ongoing about design and implementation.