IBM has disclosed the details of several vulnerabilities found in powerline extenders made by China-based networking solutions provider Tenda. IBM says Tenda ignored its emails and phone calls, and it’s unclear if any patches are being developed.
Considered an alternative to Wi-Fi extenders, powerline extenders leverage a building’s electrical wiring to boost the range of an internet connection. One powerline network adapter is connected to the router and then plugged into a wall socket. The electrical wiring will carry the signal to a different socket (in an area where a stronger signal is needed), in which the user plugs in a second powerline adapter.
Researchers at IBM’s X-Force Red team have analyzed Tenda PA6 Wi-Fi powerline extenders, which are part of the company’s PH5 Powerline Extender Kit, and identified vulnerabilities that could allow attackers to take complete control of a device.
Malicious actors could exploit the vulnerabilities to add a device to an IoT botnet and abuse it to launch DDoS attacks, move to other devices on the network, or abuse them to mine for cryptocurrency.
One of the vulnerabilities has been described as a command injection issue that can be exploited by an authenticated attacker to take control of a powerline adapter. Another vulnerability allows an authenticated attacker to execute arbitrary code on the device.
IBM says it may be possible to exploit these vulnerabilities remotely from the internet. While exploitation requires authentication, the tech giant’s researchers noticed that the vulnerable devices are only protected by a weak, default password.
A third security hole found by IBM researchers is a denial-of-service (DoS) vulnerability that can be exploited without authentication to cause a device to continuously reboot.
They also noticed that an attacker can easily obtain a device’s firmware image, which includes configuration data and other files.
Based on the CVE identifiers assigned to these vulnerabilities, they were discovered in 2019, but no patches appear to have been released. IBM says it has attempted to report its findings to Tenda, but the vendor ignored its phone calls and emails, which is why it’s unclear if the company is working on releasing patches.