Question:
Is it true that cybersecurity experts have found backdoor Malware baked into your Wavlink routers from the factory?
Answer:
Reply on a few concerns of router security
There is a report that says our routers have remote backdoors, hereby we officially clarify that our products DO NOT have any such codes that either obtain customer information or remotely control devices. Here are one-by-one clarifications against third-party false accusations.
1. System command web page
It’s common practice for router companies to receive customer reports to make analysis and give feedback to customers more easily. And it is only for local management by customer himself.
2. Externally accessible web pages without any authentication
These pages are part of the local management to analyze WiFi installation environment.
We agree that these pages can be taken advantage of in extreme case. And to avoid causing any confusion, we decide to remove them all.
3. Wi-Fi signal scanning function
It’s also common practice in this business that routers can detect surrounding WiFi SSIDs for customers to easily choose the right network and start setup process. Scanning DOES NOT in any way mean it can decipher other networks, because all other SSIDs have their security systems.
For WiFi repeater category, scanning is a must-have function, as well as some applications such as “wifiinfoview”, “netspot” and “inssider”, just to name a few.
4. Built-in network tool programs
With Telnet which is common practice for telecom operators to provide remote support to their customers, it might cause certain confusions and troubles for malicious use. We fully understand it and from the beginning of 2019 the Telnet function was no longer available.
5. Hidden backdoors
In the article they pointed out an attack on the Internet server, trying to find out a backdoor through a public IP address. The Chinese IP in the report is not related to our company and the IP was trying to upload a malicious file on the router. However, the article has already clarified for us that the response packet returned to the 404 error "File Not Found", which means absolutely no effect on the router.
Currently, there’s a possibility to access the router from YOUR local network, meant to be checking your Internet status or firmware upgrade.
Once again, we don't have remote access to any router, and therefore not any chance to access a backdoor, if there’s any backdoor at all.
And in the report, it mentioned Jetstream is part of WAVLINK, which we have to say is totally wrong information. It can be found in a public source that Jetstream is a US-registered company and nothing related to WAVLINK.
6. Our summary
We acknowledge that our products do have room for more security improvement, which requires more awareness from us.
As regards the local access which is addressed in the article, we’ll accept the constructive opinions proposed in it and make necessary modifications to avoid any confusion or suspicion.
We’d like to take this chance to thank the writer of this article for their constructive opinions to help us achieve even higher security standard!
Wavlink Technical Support Team
see less
By Wirelessforce
SELLER on November 26, 2020
cybernews.com
