Home News Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access
NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

3

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access

A hidden authentication backdoor has been discovered in several Tenda router firmware versions, potentially allowing attackers to gain full administrative control of affected devices.

The vulnerability, tracked as CVE-2026-11405, was reported by the CERT Coordination Center (CERT/CC). The issue exists because of an undocumented authentication method inside the router’s web server software. CERT/CC says the vulnerability remains unpatched because Tenda could not be reached for a response.

The flaw is located in the router’s /bin/httpd web server binary and affects the login() function. Normally, the router uses standard MD5-based authentication to verify users. However, if that process fails, the firmware checks a hidden configuration value called sys.rzadmin.password.

If the supplied password matches this hidden value, the router grants administrator-level access regardless of the username entered. This means attackers who know the backdoor password could bypass normal account protections and access the device’s management interface.

With administrative access, attackers could change network settings, disable security protections, modify router configurations, and potentially compromise other devices connected to the same network.

The vulnerability affects several Tenda router models and firmware versions, including:

  • Tenda FH1201
  • Tenda W15E
  • Tenda AC10
  • Tenda AC5
  • Tenda AC6 V2

CERT/CC says no official security update is currently available. Users are advised to disable remote web management to prevent attackers from accessing the vulnerable interface over the internet.

Security experts also recommend reducing exposure by changing default LAN settings and limiting access to the router’s administrative panel to reduce the risk of automated attacks.

The vulnerability was discovered and reported by an anonymous security researcher.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

US Offers $10 Million Bounty as Russian Hackers Target Signal and WhatsApp Accounts

US Offers $10 Million Reward for Information on Russian-Linked Hackers Targeting Messaging...