11 comments

  • ggm 7 minutes ago
    Have used their travel wifi product back when hotel wifi was a strange beast. Wouldn't expect to need it now eSIM and ubiquitous internet travel pricing means the hotel wifi may be the LEAST valid path to access things.

    I have a free give-away mikrotik unit in the same price bracket (literally free: they were both conference give-aways) it's physically smaller and it runs what appears to be their mainline code. Say what you like about microtik for quality, they provide pretty much every knob and frob you could want.

  • greyface- 34 minutes ago
    The article doesn't disclose the value of "sys.rzadmin.password", but this writeup from 2022 does:

    https://boschko.ca/tenda_ac1200_router/

    Spoiler: it's "rzadmin". And it looks like there are a bunch of other goodies in the firmware, too.

  • HDBaseT 4 minutes ago
    The US/Israel would never do such a thing, buy UniFi/Fortinet/Palo Alto!
  • fusslo 1 hour ago
    > Tenda is a supplier of home and business network devices such as routers, switches, wireless access points, and video surveillance equipment.

    I was unfamiliar with Tenda.

    > Shenzhen Tenda Technology Co.,Ltd. ( https://www.tendacn.com/us/profile )

    Tenda may just rebrand, right? It seems like many chinese brands will either rebrand or have a 'competing' brand with the same internals but different externals. (I have no idea if Tenda does this, I've just seen it previously. Specifically with security cameras)

    I wish the authors provided some method for checking this vulnerability other than fw version. It seems like Tenda could just change the password and say "yep! all safe now"

    • TedDoesntTalk 56 minutes ago
      I’m in the USA and have a Tenda WiFi usb stick. Not as popular as other brands but they are around
  • drnick1 20 minutes ago
    And this is why I handroll my own routers/firewalls, using commodity hardware and a Linux distribution.
  • SubiculumCode 1 hour ago
    Up and out the back door, any 'ol time.
  • RetroTechie 2 hours ago
    Yet another Chinese company selling backdoor'd product. Surprise surprise...
    • cwmoore 1 hour ago
      Are you referring to the concept of “prayer?”
  • nttylock 36 minutes ago
    [flagged]
  • tangsoupgallery 1 hour ago
    [flagged]
  • naturalmovement 38 minutes ago
    [flagged]
  • vachina 1 hour ago
    Chinese undocumented auth: commies tryna steal mah api tokenz

    US undocumented auth: legitimate usecase for out of band support nothing to see here