Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Admin Backdoor Found in Tenda Router Firmware

Admin Backdoor Found in Tenda Router Firmware

Posted on July 7, 2026 By CWS

The CERT Coordination Center (CERT/CC) has issued a warning regarding several firmware versions from Tenda, a Chinese network device manufacturer. These versions contain an undisclosed backdoor that grants administrative access to the devices’ web management interfaces. This vulnerability, identified as CVE-2026-11405, allows attackers to bypass password verification, gaining full control without valid credentials.

Critical Vulnerability Details

The backdoor affects multiple firmware versions, including US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD, US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE, US_AC10V1.0re_V15.03.06.46_multi_TDE01, US_AC5V1.0RTL_V15.03.06.48_multi_TDE01, and US_AC6V2.0RTL_V15.03.06.51_multi_T. The issue resides in the ‘login()’ function within the ‘/bin/httpd’ web server binary, which initially follows standard MD5-based password authentication. However, if authentication fails, it triggers an alternative code path.

This alternative path involves using ‘GetValue(“sys.rzadmin.password”)’ to retrieve a different password from the device’s configuration for a plaintext comparison with the user-supplied password. If they match, administrative access is granted with elevated privileges, bypassing the usual username validation process.

Implications of the Backdoor

The backdoor allows attackers to obtain full administrative privileges over the device’s interface, regardless of the legitimate administrator credentials. This could enable unauthorized alterations, disabling of security settings, or reconfiguration, potentially leading to a complete takeover of the device. CERT/CC highlights that the username associated with this backdoor, “rzadmin,” is not verified, allowing any username to succeed if paired with the backdoor password.

This vulnerability was reported by an anonymous researcher and remains unpatched. Attempts to contact Tenda for comments have been made by The Hacker News, with updates pending.

Preventive Measures and Recommendations

Until a patch is available, users are advised to take precautionary measures to protect their devices. Disabling remote management features and changing the default LAN IP address can help mitigate risks by reducing the chances of automated scans discovering the backdoor through known default IP ranges.

Ensuring these steps are taken can reduce exposure to potential threats while awaiting further updates or patches from Tenda.

The Hacker News Tags:admin access, Backdoor, CERT/CC, CVE-2026-11405, Cybersecurity, data protection, Firmware, IT security, Network, remote management, Router, Security, Tenda, unauthorized access, Vulnerability

Post navigation

Previous Post: Critical BeyondTrust Vulnerabilities Enable Access Control Bypass
Next Post: Vulnerability in Tenda Routers Allows Full Admin Access

Related Posts

Cellebrite Technology Utilized on Kenyan Activist’s Phone Cellebrite Technology Utilized on Kenyan Activist’s Phone The Hacker News
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure The Hacker News
New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit The Hacker News
iOS 26.5 Launches Default E2E Encrypted RCS Messaging iOS 26.5 Launches Default E2E Encrypted RCS Messaging The Hacker News
Critical Windows Flaw Allows SYSTEM Privilege Escalation Critical Windows Flaw Allows SYSTEM Privilege Escalation The Hacker News
Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark