Unpatched Tenda WiFi router vulnerabilities leave home networks wide open to abuse

John Leyden 17 July 2020 at 11:22 UTC
Updated: 17 July 2020 at 11:24 UTC

More than six months have passed, and the Chinese hardware vendor still hasn’t responded to researchers

Remote attackers might easily gain control of the Tenda AC15 AC1900 WiFi router because of multiple unpatched security vulnerabilities.

The flaws, discovered by security researchers at Independent Security Evaluators (ISE), create a means for cybercriminals to turn compromised devices into nodes in an IoT botnet, among other exploits.

ISE uncovered five vulnerabilities in the firmware of Shenzhen Tenda Technology Company’s AC15 AC1900 dual-band gigabit WiFi router during its research into embedded devices.

The US-based security consultancy said it notified the Chinese networking equipment manufacturer of the flaws in January.

Tenda has not responded to any of ISE’s emails, prompting the US security consultancy to go public with its findings late last week.

Tenda has likewise failed to respond to requests for comment on ISE’s findings put to the vendor by The Daily Swig.

Take five

A detailed technical write-up by ISE describes the flaws found in the networking kit. These included insufficient request validation (CVE-2020-10986), insufficient data validation and sanitization (CVE-2020-10989), and a hardcoded telnet password (CVE-2020-10988).

These vulnerabilities created a cross-site scripting (XSS) and cross-site request forgery (CSRF) risk, while a further two flaws (CVE-2020-10987 and CVE-2020-TBA) opened the door to remote code execution (RCE) and complete takeover.

More precisely, if the Tenda AC15 is exposed to the internet, it is possible to obtain a persistent reverse shell because of the RCE flaws and the open telnet daemon.

Trivial exploits

Home networking equipment traditionally has an indifferent reputation for security, at best. Tenda’s issues exemplify wider problems in the product category, ISE told The Daily Swig.

“The vulnerabilities I found are super common – they are on the OWASP Top Ten list and require low effort from the attacker,” Sanjana Sarda, the security analyst who carried out the research, explained.

“From our research, some variants of these often show up in most IoT devices, not only routers.”

Sarda went on to criticize Tenda’s handling of the vulnerability disclosure process.

“Malicious attackers can exploit various vulnerabilities in Tenda’s AC15 to access this device without authentication and cause persistent denial of service conditions,” she said.

“Tenda has not responded after several attempts of contacting them. They have not released new firmware since the vulnerabilities were disclosed, nor have they completely removed access to the vulnerable firmware.”


Source: The Daily Swig