Tech

If You Own One Of These Routers, You’re At Risk

Published

on





We may receive a commission on purchases made from links.

According to recent research, about 94% of American households have internet access, and 87% of these are through a fixed broadband subscription. This means that many homes rely on a router as the central point of their network. And, while there is no doubting their convenience, routers aren’t always as secure as they should be. Even secure routers can have weakened security just through common home WiFi mistakes. But even with all the proper steps taken, the problem can be inherent within the hardware itself. A point that the recent discovery of a “backdoor” into certain Tenda routers adequately demonstrates. 

Advertisement

Essentially, the problem is integrated into the firmware of the router itself. Researchers at CERT Coordination Center, based at Carnegie Mellon University, reported a login pathway that bypasses the normal username-and-password check. If someone knows the right password — one that shipped with the router — the device will simply let them in as an administrator. The hack is simple; all that needs to be done is to enter this password on the router’s login screen. It doesn’t matter what the username is; it can be Joe Blogs, Administrator, or just left blank. The router doesn’t check this. As long as the password matches the one stored in the router, it will quite happily grant administrator access. 

Once someone is logged into your router, they can carry out cyberattacks, like redirecting your traffic through malicious servers, opening network ports to expose devices on the network, installing ransomware, and launching man-in-the-middle attacks. They could even lock you out of your own router entirely. The vulnerability appears to be present in five firmware versions, and as of the time of writing, there is no confirmation that the Chinese manufacturer intends to release a patch for the flaw. 

Advertisement

What Tenda routers are affected and what should I do if I have one?

The CERT report has listed the affected firmware versions. You can check whether your router has affected firmware by accessing your router’s interface. The default IP address is 192.168.0.1 for Tenda routers. Entering this number into a browser’s address bar should bring up the router’s login page. From here, navigate to System Tools and from there select Upgrade. This will display your router’s current firmware version. Of course, if you wanted to take a shortcut, you could always just enter the rogue password, widely reported to be “rzadmin”, and see if it lets you in. 

The affected firmware is present in several older product lines. The list includes the FH1201 wireless router, W15E wireless hotspot routers, AC10 AC1200 Smart Dual-Band router (v1), AC5 AC1200 Smart Dual-Band router(v1), and the AC6 AC1200 router(v2). If you’re affected, there are a couple of things you can do. The first is to disable remote access on the router. Similar to checking the firmware version, this can be done through the router’s interface. Log on as described above, and click on AdvancedSecurityRemote Web Management. You should see a tick box that enables or disables remote management. Ensure this is unchecked. 

CERT also recommends you change the default LAN IP address. It’s best to keep the 192.168. part of the number, as this is an address range reserved for private networks. However, changing this to something like 192.168.201.1 or similar keeps you within that range. Although it’s important to note that neither value can exceed 255. It might also be time for a new router, as routers may need to be replaced quite often

Advertisement



Source link

Advertisement

You must be logged in to post a comment Login

Leave a Reply

Cancel reply

Trending

Exit mobile version