CybersecurityJuly 7, 2026· via Security Affairs

Tenda Router Backdoor Lets Attackers Bypass Login Without a Patch

Tenda Router Backdoor Lets Attackers Bypass Login Without a Patch

Image : Security Affairs

A previously undocumented backdoor in several Tenda routers allows attackers to bypass login credentials and gain full administrative access to the devices. The flaw, tracked as CVE-2026-11405, remains unpatched as the manufacturer has not responded to the disclosure. Affected firmware versions include models such as FH1201, W15E, AC10, AC5, and AC6, leaving home and business networks exposed to potential compromise.

A Hidden Password in Plain Sight

The vulnerability resides in the authentication logic of the web server binary /bin/httpd. When a login attempt fails, the system checks an alternate password stored in the device configuration under sys.rzadmin.password. If the provided password matches this hidden value, the attacker receives role=2, granting full admin access regardless of the configured administrator credentials. The username field is irrelevant, meaning any entry paired with the backdoor password will succeed.

Full Control Without a Patch in Sight

With admin access, an attacker can reconfigure network settings, alter DNS configurations, disable security features, or use the device as a pivot point for further attacks. The backdoor is embedded in the firmware itself, making it resistant to standard fixes like password resets. CERT/CC warns that exploitation could lead to a complete takeover of the device and broader compromise of the local network advisory.

Tenda has not issued a patch, leaving users with limited options beyond replacing affected devices or isolating them from critical networks. The lack of vendor response highlights ongoing challenges in addressing firmware-level vulnerabilities that bypass standard security measures.


Source: Security Affairs. AI-assisted editorial synthesis — TechnoExpress.

Read the original source on Security Affairs →

← Back to home