Routers With No Security Fix Put Millions at Risk

▼ Summary
– 94% of American households have internet access, with 87% using fixed broadband, making routers central to home networks.
– Researchers at CERT Coordination Center found a backdoor in certain Tenda routers that bypasses normal login checks.
– The backdoor allows administrator access with just a specific password, regardless of the username entered.
– Once logged in, attackers can redirect traffic, expose network devices, install ransomware, or lock users out.
– The vulnerability is in five firmware versions, and the manufacturer has not confirmed plans to release a patch.
Millions of home internet users could be exposed to serious cyber threats due to a critical security flaw found in certain Tenda routers. Recent research reveals that approximately 94% of American households have internet access, with 87% relying on fixed broadband subscriptions. This means routers serve as the central hub for countless home networks. While these devices offer undeniable convenience, their security often falls short. Even routers designed with strong protections can be compromised by common WiFi mistakes, but this latest issue runs far deeper. It is embedded in the hardware itself.
The vulnerability, uncovered by researchers at the CERT Coordination Center at Carnegie Mellon University, involves a hidden “backdoor” built directly into the router’s firmware. This backdoor bypasses the standard username-and-password authentication process. If an attacker knows the default password that shipped with the device, they can gain full administrative access simply by entering it on the login screen. The username field is irrelevant; it can be anything, left blank, or even set to “Administrator.” The router only checks the password, and if it matches, it grants unrestricted control.
Once an intruder gains access, the potential for damage is severe. They can redirect your internet traffic through malicious servers, open network ports to expose other devices on your home network, install ransomware, or launch man-in-the-middle attacks. In the worst-case scenario, they could lock you out of your own router entirely. The flaw affects five different firmware versions, and as of now, the Chinese manufacturer has not confirmed any plans to release a security patch. This leaves millions of users vulnerable with no clear fix in sight.
(Source: SlashGear)




