Close Menu
    What's Hot

    Abandoned by Allies, Platner Faces Pressure to End Senate Campaign

    Opinion | Whose Land? Our Land, Not Trump’s.

    How a Four-Generation Cuban Family Survives on $60 a Month

    Facebook X (Twitter) Instagram
    Trending
    • Abandoned by Allies, Platner Faces Pressure to End Senate Campaign
    • Opinion | Whose Land? Our Land, Not Trump’s.
    • How a Four-Generation Cuban Family Survives on $60 a Month
    • Opinion | Is This Liberalism’s Last Stand?
    • Ayatollah Ali Khamenei, Iran’s Slain Leader, Is Mourned in Qom
    • As Messi Dominates the World Cup, a War Is Waged Over Maradona’s Image
    • Why Are Berries Everywhere, in Every Season? Driscoll’s.
    • Those Soldiers Flooding Your Feeds? They Might Not Be Real.
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

    adminBy adminJuly 7, 2026No Comments2 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananJul 07, 2026

    CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

    Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices’ web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday.

    “An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain full administrative control without valid credentials,” the CERT/CC said in an alert.

    The vulnerability impacts multiple versions of the firmware –

    • US_FH1201V1.0BR_V1.2.0.14(408)_EN_TD
    • US_W15EV1.0br_V15.11.0.5(1068_1567_841)_EN_TDE
    • US_AC10V1.0re_V15.03.06.46_multi_TDE01
    • US_AC5V1.0RTL_V15.03.06.48_multi_TDE01
    • US_AC6V2.0RTL_V15.03.06.51_multi_T

    The backdoor functionality is present within the “login()” function of the “/bin/httpd” web server binary. While the method initially follows a normal authentication path using MD5-based password verification, it activates an alternate code path if the authentication fails.

    Cybersecurity

    Specifically, this involves calling “GetValue(“sys.rzadmin.password”)” to fetch an alternate password value from the device configuration, and performing a direct plaintext comparison between the user-supplied password and the configuration-stored value. Should these values match, the application grants admin-level access (role=2) and creates a valid session with elevated privileges.

    “The associated [“rzadmin”] username is not validated, so any provided username will succeed when paired with the backdoor password,” the CERT/CC said. “This backdoor authentication mechanism is not documented or visible through any administrative interface.”

    Successful exploitation of this standard username validation override allows full administrative access to the device’s web interface regardless of the administrator account credentials. It can permit an attacker to make unauthorized remote modification of settings, disable security features, or reconfigure the device, potentially leading to a complete device takeover.

    The vulnerability, reported by an anonymous researcher, remains unpatched as of writing. The Hacker News has contacted Tenda for comment, and we will update the story if we hear back.

    In the interim, users are advised to disable remote management on the device and change the default LAN IP address to prevent bad actors from reaching it and reduce opportunistic discovery by automated scanners that target known default IP ranges.

    Admin Backdoor CERTCC Firmware Hidden Router Tenda warns
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleFour Seasons Sets Sail, Offering Luxury and Curated Cruise Experiences
    Next Article ‘Overturn this’ – Belgium mock US President Donald Trump and FIFA after USA World Cup exit | Football News
    admin
    • Website

    Related Posts

    BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

    July 7, 2026

    Discovery Mining: The Timmins Infrastructure Trade Hidden Inside A Gold Producer

    July 7, 2026

    SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

    July 7, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    Abandoned by Allies, Platner Faces Pressure to End Senate Campaign

    Opinion | Whose Land? Our Land, Not Trump’s.

    How a Four-Generation Cuban Family Survives on $60 a Month

    Opinion | Is This Liberalism’s Last Stand?

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by