Tenda firmware (multiple versions) contains hidden authentication backdoor
4 hours ago
- #security-vulnerability
- #router-backdoor
- #cve-2026-11405
- Tenda firmware versions contain an undocumented authentication backdoor allowing administrative access without valid credentials.
- An attacker can bypass password verification via the backdoor, tracked as CVE-2026-11405, to gain full control.
- Affected devices include specific firmware versions of US_FH1201, US_W15E, US_AC10, US_AC5, and US_AC6.
- The backdoor involves a login() function in /bin/httpd that retrieves an alternate password via GetValue("sys.rzadmin.password").
- Successful strcmp() match with the backdoor password grants admin access (role=2) regardless of username.
- Exploitation enables device reconfiguration, network alteration, and security feature disablement.
- No patch is available; mitigation includes disabling remote management and restricting local network exposure.