HeadlinesBriefing favicon HeadlinesBriefing.com

Tenda Router Firmware Backdoor കാസ

Hacker News •
×

Tenda routers and switches run firmware that hides a backdoor in the /bin/httpd login routine. The flaw, logged as CVE-2026-11405, appears in at least four US‑based builds: US_FH1201 V1.0BR_V1.2.0.14(408)_EN_TD, US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE, US_AC10V1.0re_V15.03.06.46_multi_TDE01, and US_AC5V1.0RTL_V15.03.06.48_multi_TDE01.

Under normal circumstances the login() function verifies credentials with an MD5 hash. When that check fails, the routine calls Get Value('sys.rzadmin.password') and compares the clear‑text value to the supplied password using strcmp(). If the strings match, the session receives role=2 admin rights and the username field is ignored, allowing any name to pair with the backdoor password.

An attacker who discovers this trick can gain full administrative control without knowing the legitimate password, enabling firmware re‑flash, network reconfiguration, and disabling of security features. The compromise could spread to all devices on the local subnet if the router remains reachable from the internet.

Tenda has not released a patch, so administrators should turn off remote web management and change the default LAN address to reduce discoverability. Continuous monitoring of login attempts remains essential until an official fix arrives.