Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Vulnerability in Tenda Routers Allows Full Admin Access

Vulnerability in Tenda Routers Allows Full Admin Access

Posted on July 7, 2026 By CWS

A recently discovered security flaw in Tenda network routers has revealed an authentication backdoor that grants attackers full administrative privileges without needing valid login credentials.

Affected Devices and Firmware

The vulnerability impacts several Tenda router models, including FH1201, W15E, AC10, AC5, and AC6, affecting multiple firmware versions. This issue has been cataloged as CVE-2026-11405 and was publicly disclosed by the CERT Coordination Center on July 6, 2026, under Vulnerability Note VU#213560.

These models are predominantly used in residential and small business settings, relying on web-based management interfaces that typically require a username and password for access.

Details of the Security Flaw

The flaw resides within the web server binary located at /bin/httpd, specifically in the login function. This function includes an undocumented backdoor authentication mechanism. Normally, user credentials are verified using an MD5-based password check. However, if this verification fails, the function uses a fallback process, revealing a hidden backdoor.

This backdoor leverages a secondary password stored in the device configuration, accessed via the GetValue(“sys.rzadmin.password”) function. Instead of using secure hashing or comparison methods, a plaintext strcmp() comparison is employed, which can grant administrative access if it matches.

Implications and Mitigation Strategies

Critically, this fallback process does not validate the username, allowing attackers to use any arbitrary username with the backdoor password to gain control. The backdoor’s undocumented nature makes it undetectable through standard interfaces, increasing its danger.

Exploiting this backdoor allows attackers to fully compromise affected devices, modify network settings, redirect traffic, disable security measures, or install malicious firmware. This level of access can lead to broader attacks, such as man-in-the-middle interceptions and lateral network movements.

Currently, no official patch or firmware update is available from Tenda, and vendor coordination attempts have been unsuccessful. Users should immediately disable remote web management functionalities to limit exposure and change default local IP addresses to thwart automated scans, though determined attackers may still succeed.

Security Concerns and Recommendations

This discovery raises significant concerns regarding firmware security practices and the reliability of the supply chain. Users and organizations utilizing these Tenda devices should vigilantly monitor for updates and consider replacing vulnerable hardware if no resolution is provided.

Strengthening network defenses and continuously monitoring for unusual activity remains crucial until a permanent fix is issued.

Cyber Security News Tags:admin access, authentication flaw, Backdoor, CERT Coordination Center, CVE-2026-11405, Cybersecurity, Firmware, network security, router vulnerability, Tenda

Post navigation

Previous Post: Admin Backdoor Found in Tenda Router Firmware
Next Post: Critical Linux KVM Flaw Exposes Host Kernel to Attack

Related Posts

1-Click Oracle Cloud Code Editor RCE Vulnerability Lets Attackers Upload Malicious Files 1-Click Oracle Cloud Code Editor RCE Vulnerability Lets Attackers Upload Malicious Files Cyber Security News
Everest Hacking Group Allegedly Claims Breach of Nissan Motors Everest Hacking Group Allegedly Claims Breach of Nissan Motors Cyber Security News
GitLab Security Alert: Critical XSS and DoS Flaws Fixed GitLab Security Alert: Critical XSS and DoS Flaws Fixed Cyber Security News
NPM’s ‘duer-js’ Package Spreads Malware to Windows & Discord NPM’s ‘duer-js’ Package Spreads Malware to Windows & Discord Cyber Security News
Microsoft Windows 11 October Update Breaks Localhost (127.0.0.1) Connections Microsoft Windows 11 October Update Breaks Localhost (127.0.0.1) Connections Cyber Security News
Critical Flaw in Argo CD Exposes Sensitive Kubernetes Data Critical Flaw in Argo CD Exposes Sensitive Kubernetes Data Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark